Windows Analysis Report PtBIxmYbK8.dll

Overview

General Information

Sample Name: PtBIxmYbK8.dll
Analysis ID: 553387
MD5: cdf3dc30cd25f5dc97c5f7b9c2d1abe5
SHA1: 2e60ddf31429088419bdd186f10ff5e2d437236c
SHA256: 9b571f59abe91b0684fec7bc2311225630ee92c647cd91f37847cd5f8f1dc85c
Tags: 32dllexe

Detection

Emotet
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Changes security center settings (notifications, updates, antivirus, firewall)
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
AV process strings found (often used to terminate AV products)
PE file contains an invalid checksum
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • SgrmBroker.exe (PID: 7136 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)
  • svchost.exe (PID: 5272 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 808 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 4848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • loaddll32.exe (PID: 6048 cmdline: loaddll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 4552 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 4520 cmdline: rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 6684 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 4592 cmdline: regsvr32.exe /s C:\Users\user\Desktop\PtBIxmYbK8.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • rundll32.exe (PID: 924 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 5648 cmdline: rundll32.exe C:\Users\user\Desktop\PtBIxmYbK8.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 6800 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Mjuakgeb\fhtvflqppfnv.wdg",DvMDRtCzK MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 1312 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Mjuakgeb\fhtvflqppfnv.wdg",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • WerFault.exe (PID: 808 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 512 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 4416 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 6620 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6048 -ip 6048 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 672 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4528 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4324 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5644 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

Malware Configuration

Threatname: Emotet

{"C2 list": ["45.138.98.34:80", "69.16.218.101:8080", "51.210.242.234:8080", "185.148.168.220:8080", "142.4.219.173:8080", "54.38.242.185:443", "191.252.103.16:80", "104.131.62.48:8080", "62.171.178.147:8080", "217.182.143.207:443", "168.197.250.14:80", "37.44.244.177:8080", "66.42.57.149:443", "210.57.209.142:8080", "159.69.237.188:443", "116.124.128.206:8080", "128.199.192.135:8080", "195.154.146.35:443", "185.148.168.15:8080", "195.77.239.39:8080", "207.148.81.119:8080", "85.214.67.203:8080", "190.90.233.66:443", "78.46.73.125:443", "78.47.204.80:443", "37.59.209.141:8080", "54.37.228.122:443"], "Public Key": ["RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW", "RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000008.00000002.345243637.0000000004BC1000.00000020.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000008.00000002.344911121.0000000004591000.00000020.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
0000000F.00000002.385135770.0000000002DD1000.00000020.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000008.00000002.345163882.0000000004AD1000.00000020.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
0000000F.00000002.385727612.0000000004B70000.00000040.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
17.2.rundll32.exe.49b0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
15.2.rundll32.exe.4c00000.7.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
8.2.rundll32.exe.4a90000.2.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
3.2.loaddll32.exe.10d0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
15.2.rundll32.exe.4b70000.4.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Suspicious Call by Ordinal
Source: Process started, Author: Florian Roth, Data: Command: rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4552, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\PtBIxmYbK8.dll",#1, ProcessId: 4520

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 8.2.rundll32.exe.4bc0000.5.unpack, Malware Configuration Extractor: Emotet (same configuration as listed under Malware Configuration)
Multi AV Scanner detection for submitted file
Source: PtBIxmYbK8.dll, Virustotal: Detection: 15%
Source: PtBIxmYbK8.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2404332 ET CNC Feodo Tracker Reported CnC Server TCP group 17 192.168.2.3:49743 -> 45.138.98.34:80
Source: Traffic, Snort IDS: 2404338 ET CNC Feodo Tracker Reported CnC Server TCP group 20 192.168.2.3:49744 -> 69.16.218.101:8080
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 69.16.218.101 144
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 45.138.98.34 80
C2 URLs / IPs found in malware configuration
Source: Joe Sandbox View, ASN Name: AS-CHOOPAUS
Source: Joe Sandbox View, ASN Name: DIGITALOCEAN-ASNUS
Source: Joe Sandbox View, IP Address: 207.148.81.119
Source: Joe Sandbox View, IP Address: 104.131.62.48
Source: global traffic, TCP traffic: 192.168.2.3:49753 -> 69.16.218.101:8080
Source: unknown, Network traffic detected: IP country count 11
Source: unknown, TCP traffic detected without corresponding DNS query: 45.138.98.34
Source: unknown, TCP traffic detected without corresponding DNS query: 69.16.218.101
Supported_8wekyb3d8bbwe"],"ExperienceIds":[],"MaxDownloadSizeInBytes":104380919,"MaxInstallSizeInBytes":203345920,"PackageFormat":"Appx","PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","MainPackageFamilyNameForDlc":null,"PackageFullName":"SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0","PackageId":"3fbafb47-f476-4c26-4445-49acb9a726e6-X86","PackageRank":30001,"PlatformDependencies":[{"MaxTested":2814750754275328,"MinVersion":2814750710366559,"PlatformName":"Windows.Desktop"}],"PlatformDependencyXmlBlob":"{\"blob.version\":1688867040526336,\"content.isMain\":false,\"content.packageId\":\"SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\",\"content.productId\":\"caac1b9d-621b-4f96-b143-e10e1397740a\",\"content.targetPlatforms\":[{\"platform.maxVersionTested\":2814750754275328,\"platform.minVersion\":2814750710366559,\"platform.target\":3}],\"content.type\":7,\"policy\":{\"category.first\":\"app\",\"category.second\":\"Music\",\"optOut.backupRestore\":true,\"optOut.removeableMedia\":false},\"policy2\":{\"ageRating\":3,\"optOut.DVR\":false,\"thirdPartyAppRatings\":[{\"level\":9,\"systemId\":3},{\"level\":81,
                      Source: svchost.exe, 0000001A.00000002.472723028.0000023177700000.00000004.00000001.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 0000001A.00000002.472481866.0000023176EE7000.00000004.00000001.sdmp | String found in binary or memory: http://crl.ver)
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.18.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: svchost.exe, 0000001A.00000003.441248860.0000023177791000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.443775997.0000023177777000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441382268.00000231777B1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441129492.000002317776C000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441267741.000002317776D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441353106.00000231777D1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441319649.000002317779B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441399080.0000023177C02000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441299535.000002317777F000.00000004.00000001.sdmp | String found in binary or memory: http://help.disneyplus.com.
                      Source: svchost.exe, 0000001A.00000002.472756328.000002317771F000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.microft8
                      Source: Amcache.hve.13.dr | String found in binary or memory: http://upx.sf.net
                      Source: svchost.exe, 0000001A.00000003.441248860.0000023177791000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.443775997.0000023177777000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441382268.00000231777B1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441129492.000002317776C000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441267741.000002317776D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441353106.00000231777D1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441319649.000002317779B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441399080.0000023177C02000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441299535.000002317777F000.00000004.00000001.sdmp | String found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 0000001A.00000003.441248860.0000023177791000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.443775997.0000023177777000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441382268.00000231777B1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441129492.000002317776C000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441267741.000002317776D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441353106.00000231777D1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441319649.000002317779B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441399080.0000023177C02000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441299535.000002317777F000.00000004.00000001.sdmp | String found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 0000001A.00000003.441248860.0000023177791000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.443775997.0000023177777000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441382268.00000231777B1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441129492.000002317776C000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441267741.000002317776D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441353106.00000231777D1000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441319649.000002317779B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441399080.0000023177C02000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.441299535.000002317777F000.00000004.00000001.sdmp | String found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 0000001A.00000003.445321406.000002317777F000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.446551226.000002317777F000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.446523607.0000023177C02000.00000004.00000001.sdmp | String found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 6_2_10001280 recvfrom
                      Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 6_2_10027958 GetKeyState, GetKeyState, GetKeyState, GetKeyState, SendMessageA
                      Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 7_2_10027958 GetKeyState, GetKeyState, GetKeyState, GetKeyState, SendMessageA

                      E-Banking Fraud:

                      Yara detected Emotet

                      System Summary:

                      Source: PtBIxmYbK8.dll | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 6048 -ip 6048
                      Source: C:\Windows\SysWOW64\rundll32.exe | File deleted: C:\Windows\SysWOW64\Mjuakgeb\fhtvflqppfnv.wdg:Zone.Identifier
                      Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\SysWOW64\Mjuakgeb\